Hello,
Trying to get Oracle DataGuard running, which basically does a lot
of work between two replicating databases via rsh/ssh. It is breaking
because it pays very close attention to the exit status of ssh commands.
We are using OpenSSH 2.5.2p2 (also tried 2.9p1, same result) on Solaris 7
and 8. This seems to be Solaris specific, because I can't reproduce it
on Linux.
I've reduced it down to a simple test case, using the SSH2 protocol with
passwordless private keys:
ssh somehost -n "/bin/true" ; echo $?
It seems that the interaction between SSH2 support and the -n flag
(redirecting input from /dev/null) causes the exit status to be funny.
(Oracle DataGuard actually runs that exact command to determine if SSH is
working, and it fails)
Output below:
(ssh2 with -n flag, exit status is -1, although I've also seen 255)
3:33pm.orangecrush: ~> ssh -v qacrmdb -n /bin/true
OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 504 geteuid 504 anon 1
debug1: Connecting to qacrmdb [10.43.0.61] port 22.
debug1: temporarily_use_uid: 504/504 (e=504)
debug1: restore_uid
debug1: temporarily_use_uid: 504/504 (e=504)
debug1: restore_uid
debug1: Connection established.
debug1: identity file /home/ipopovet/.ssh/identity type 0
debug1: identity file /home/ipopovet/.ssh/id_rsa type -1
debug1: identity file /home/ipopovet/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version
OpenSSH_2.9p1
debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 134/256
debug1: bits set: 1008/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'qacrmdb' is known and matches the DSA host key.
debug1: Found key in /home/ipopovet/.ssh/known_hosts2:85
debug1: bits set: 1036/2049
debug1: len 55 datafellows 0
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can
continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/ipopovet/.ssh/id_rsa
debug1: try pubkey: /home/ipopovet/.ssh/id_dsa
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 lastkey 13a380 hint 2
debug1: read PEM private key done: type DSA
debug1: sig size 20 20
debug1: ssh-userauth2 successful: method publickey
debug1: fd 5 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug1: channel_new: 0
debug1: send channel open 0
debug1: Entering interactive session.
debug1: client_init id 0 arg 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending command: /bin/true
debug1: channel 0: open confirm rwindow 0 rmax 16384
debug1: channel 0: read<=0 rfd 5 len 0
debug1: channel 0: read failed
debug1: channel 0: input open -> drain
debug1: channel 0: close_read
debug1: channel 0: input: no drain shortcut
debug1: channel 0: ibuf empty
debug1: channel 0: input drain -> closed
debug1: channel 0: send eof
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: rcvd close
debug1: channel 0: obuf empty
debug1: channel 0: output drain -> closed
debug1: channel 0: close_write
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel_free: channel 0: status: The following connections are
open:
#0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)
debug1: channel_free: channel 0: dettaching channel user
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status -1
(ssh2, no -n flag, exit status is 0)
3:32pm.orangecrush: ~> ssh -v qacrmdb /bin/true
OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 504 geteuid 504 anon 1
debug1: Connecting to qacrmdb [10.43.0.61] port 22.
debug1: temporarily_use_uid: 504/504 (e=504)
debug1: restore_uid
debug1: temporarily_use_uid: 504/504 (e=504)
debug1: restore_uid
debug1: Connection established.
debug1: identity file /home/ipopovet/.ssh/identity type 0
debug1: identity file /home/ipopovet/.ssh/id_rsa type -1
debug1: identity file /home/ipopovet/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version
OpenSSH_2.9p1
debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 127/256
debug1: bits set: 991/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'qacrmdb' is known and matches the DSA host key.
debug1: Found key in /home/ipopovet/.ssh/known_hosts2:85
debug1: bits set: 979/2049
debug1: len 55 datafellows 0
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can
continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/ipopovet/.ssh/id_rsa
debug1: try pubkey: /home/ipopovet/.ssh/id_dsa
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 lastkey 13a380 hint 2
debug1: read PEM private key done: type DSA
debug1: sig size 20 20
debug1: ssh-userauth2 successful: method publickey
debug1: channel 0: new [client-session]
debug1: channel_new: 0
debug1: send channel open 0
debug1: Entering interactive session.
debug1: client_init id 0 arg 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending command: /bin/true
debug1: channel 0: open confirm rwindow 0 rmax 16384
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: obuf empty
debug1: channel 0: output drain -> closed
debug1: channel 0: close_write
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd close
debug1: channel 0: input open -> closed
debug1: channel 0: close_read
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel_free: channel 0: status: The following connections are
open:
#0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)
debug1: channel_free: channel 0: dettaching channel user
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.3 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
(ssh1, with -n flag, exit status is 0)
3:33pm.orangecrush: ~> ssh -1 -v qacrmdb -n /bin/true
OpenSSH_2.9p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 504 geteuid 504 anon 1
debug1: Connecting to qacrmdb [10.43.0.61] port 22.
debug1: temporarily_use_uid: 504/504 (e=504)
debug1: restore_uid
debug1: temporarily_use_uid: 504/504 (e=504)
debug1: restore_uid
debug1: Connection established.
debug1: identity file /home/ipopovet/.ssh/identity type 0
debug1: Remote protocol version 1.99, remote software version
OpenSSH_2.9p1
debug1: match: OpenSSH_2.9p1 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.9p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'qacrmdb' is known and matches the RSA1 host key.
debug1: Found key in /home/ipopovet/.ssh/known_hosts:120
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying RSA authentication with key 'ipopovet at orangecrush'
debug1: Received RSA challenge from server.
debug1: Sending response to host key RSA challenge.
debug1: Remote: RSA authentication accepted.
debug1: RSA authentication accepted by server.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending command: /bin/true
debug1: Entering interactive session.
debug1: Sending eof.
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
