Bug 706396 - stale control sockets prevent connection multiplexing.
stale control sockets prevent connection multiplexing.
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
14
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jan F. Chadima
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-05-20 08:23 EDT by David Woodhouse
Modified: 2011-06-16 05:47 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-06-16 05:47:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
fix problem by automatically removing stale control sockets (485 bytes, patch)
2011-05-20 08:25 EDT, David Woodhouse
no flags Details | Diff

  None (edit)
Description David Woodhouse 2011-05-20 08:23:28 EDT
When using 'ControlMaster auto', openssh will automatically create a 'control socket' when one doesn't already exist, and multiplex multiple sessions over a single authenticated connection.

The control socket is a UNIX socket which resides in the file system.

It's supposed to be cleaned up automatically by the 'master' process when it exits, but that isn't always possible. A system crash or reboot, for example, may often leave stale sockets lying around.

OpenSSH does not cope with this situation; the existence of a stale socket will prevent it from using multiplexing for ever more:

 $ ssh mercury whoami
Control socket connect(/home/dwmw2/.ssh/sockets/mercury-22-dwmw2): Connection refused
dwmw2@mercury's password: 
ControlSocket /home/dwmw2/.ssh/sockets/mercury-22-dwmw2 already exists, disabling multiplexing
dwmw2
 $ ssh mercury whoami
Control socket connect(/home/dwmw2/.ssh/sockets/mercury-22-dwmw2): Connection refused
dwmw2@mercury's password: 
ControlSocket /home/dwmw2/.ssh/sockets/mercury-22-dwmw2 already exists, disabling multiplexing
dwmw2
 $ rm /home/dwmw2/.ssh/sockets/mercury-22-dwmw2
 $ ssh mercury whoami
dwmw2@mercury's password: 
dwmw2
 $ ssh mercury whoami
dwmw2
Comment 1 David Woodhouse 2011-05-20 08:24:42 EDT
This is https://bugzilla.mindrot.org/show_bug.cgi?id=1329
Comment 2 David Woodhouse 2011-05-20 08:25:33 EDT
Created attachment 500048 [details]
fix problem by automatically removing stale control sockets
Comment 3 Jan F. Chadima 2011-05-23 00:49:13 EDT
there is still one question:

https://bugzilla.mindrot.org/show_bug.cgi?id=1329#c1


this may harm the openssh's behavior dramatically.
Comment 4 David Woodhouse 2011-05-23 05:40:14 EDT
No. I replied to that in https://bugzilla.mindrot.org/show_bug.cgi?id=1329#c6

You *only* get -ECONNREFUSED if there really isn't anything listening. If there is an existing socket which is backlogged, you'll eventually get -EAGAIN after a timeout. (On Linux, at least; I haven't checked other systems but see no reason why it should be different).

Besides, if there's an existing socket that isn't responding to connections, surely the best option is to remove it and create a new one? 

I suppose that observation applies best in the 'ControlMaster auto' case, so we could make the unlink happen automatically *only* if it would be automatically recreated? I'll provide an updated patch to do that.
Comment 5 Jan F. Chadima 2011-06-16 05:47:34 EDT
experimentally added to rawhide

Note You need to log in before you can comment on or make changes to this bug.