Corinna Vinschen
2001-Sep-04 19:25 UTC
2.9p2 behaves different from 2.5.2p2 on tunneling issue
Hi,

I have a problem with a Linux box which I updated from 2.5.2p2 to 2.9p2 recently. It's running a tunnel started via inittab using a script which starts

    ssh -2 -N -o 'ConnectionAttempts 3600' -L <tunnel> $host

This has run reliably with 2.5.2 over the last months. Now, after I have upgraded to 2.9p2, the tunnel is closed right after each attempt of an application to use the tunnel which is a cron job running each 5 minutes. So, now the tunnel is closed and restarted each 5 minutes :-(

The message in the syslog is "Connection closed by foreign host".

If that's of interest, 2.5.2p2 was compiled with OpenSSL 0.9.5, 2.9p2 is compiled using OpenSSL 0.9.6b.

Does anybody know what's going on or what I did wrong? Or do I need to give more details?

Corinna

--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com
Corinna Vinschen
2001-Sep-07 13:45 UTC
2.9p2 behaves different from 2.5.2p2 on tunneling issue
On Tue, Sep 04, 2001 at 09:25:59PM +0200, Corinna Vinschen wrote:
> Hi,
>
> I have a problem with a Linux box which I updated from 2.5.2p2
> to 2.9p2 recently. It's running a tunnel started via inittab
> using a script which starts
>
> ssh -2 -N -o 'ConnectionAttempts 3600' -L <tunnel> $host
>
> This has run reliably with 2.5.2 over the last months. Now, after
> I have upgraded to 2.9p2, the tunnel is closed right after each
> attempt of an application to use the tunnel which is a cron job
> running each 5 minutes. So, now the tunnel is closed and restarted
> each 5 minutes :-(
>
> The message in the syslog is "Connection closed by foreign host".
>
> If that's of interest, 2.5.2p2 was compiled with OpenSSL 0.9.5,
> 2.9p2 is compiled using OpenSSL 0.9.6b.
>
>
> Does anybody know what's going on or what I did wrong? Or do
> I need to give more details?
>
> Corinna

Sorry for being pushy. Does nobody know what the reason for the above difference could be? Why does 2.9p2 close the connection all the time and 2.5.2p2 doesn't? And - even more important - how can I work around that with 2.9p2?

Corinna

--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com
Markus Friedl
2001-Sep-12 10:42 UTC
2.9p2 behaves different from 2.5.2p2 on tunneling issue
the previous -N implementation was broken.

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh.c.diff?r1=1.105&r2=1.106

On Tue, Sep 04, 2001 at 09:25:59PM +0200, Corinna Vinschen wrote:
> This has run reliably with 2.5.2 over the last months. Now, after
> I have upgraded to 2.9p2, the tunnel is closed right after each
> attempt of an application to use the tunnel which is a cron job
> running each 5 minutes. So, now the tunnel is closed and restarted
> each 5 minutes :-(

i cannot reproduce this. the previous behaviour was to close the connection after the last connection to the localhost port has been closed. now (2.9) the connection should not be closed at all....

>
> The message in the syslog is "Connection closed by foreign host".
>
> If that's of interest, 2.5.2p2 was compiled with OpenSSL 0.9.5,
> 2.9p2 is compiled using OpenSSL 0.9.6b.
>
>
> Does anybody know what's going on or what I did wrong? Or do
> I need to give more details?
>
> Corinna
>
> --
> Corinna Vinschen
> Cygwin Developer
> Red Hat, Inc.
> mailto:vinschen at redhat.com
Corinna Vinschen
2001-Sep-18 14:27 UTC
2.9p2 behaves different from 2.5.2p2 on tunneling issue
On Tue, Sep 18, 2001 at 02:01:33PM +0200, Markus Friedl wrote:> On Tue, Sep 18, 2001 at 01:42:30PM +0200, Corinna Vinschen wrote: > > > > i think you only need these > > > { "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| > > { "^2\\.0\\.1[1-2]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| > > { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| > > > Index: ssh.c > > ==================================================================> > RCS file: /cvs/openssh_cvs/ssh.c,v > > retrieving revision 1.116 > > diff -u -p -r1.116 ssh.c > > --- ssh.c 2001/09/12 18:32:20 1.116 > > +++ ssh.c 2001/09/18 11:45:20 > > @@ -1163,7 +1163,8 @@ ssh_session2(void) > > /* XXX should be pre-session */ > > ssh_init_forwarding(); > > > > - id = no_shell_flag ? -1 : ssh_session2_command(); > > + id = no_shell_flag && !(datafellows & SSH_BUG_CLOSECONN) ? > > + -1 : ssh_session2_command(); > > > > /* If requested, let ssh continue in the background. */ > > if (fork_after_authentication_flag) > > ^^^ you also need to make sure that ssh_session2_command() > does not install a callback if no_shell_flag is set.Thanks, is the following patch acceptable? Corinna Index: compat.c ==================================================================RCS file: /cvs/openssh_cvs/compat.c,v retrieving revision 1.51 diff -u -p -r1.51 compat.c --- compat.c 2001/09/18 05:55:10 1.51 +++ compat.c 2001/09/18 14:30:33 
@@ -93,18 +93,20 @@ compat_datafellows(const char *version) SSH_OLD_SESSIONID|SSH_BUG_DEBUG| SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| - SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE }, + SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE| + SSH_BUG_CLOSECONN }, { "^2\\.0\\.1[1-2]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID|SSH_BUG_DEBUG| SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| SSH_BUG_PKAUTH|SSH_BUG_PKOK| - SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE }, + SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| + SSH_BUG_CLOSECONN }, { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID|SSH_BUG_DEBUG| SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| SSH_BUG_PKAUTH|SSH_BUG_PKOK| SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| - SSH_BUG_DERIVEKEY }, + SSH_BUG_DERIVEKEY|SSH_BUG_CLOSECONN }, { "^2\\.[23]\\.0", SSH_BUG_HMAC|SSH_BUG_DEBUG| SSH_BUG_RSASIGMD5 }, { "^2\\.3\\.", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5 }, Index: compat.h ==================================================================RCS file: /cvs/openssh_cvs/compat.h,v retrieving revision 1.26 diff -u -p -r1.26 compat.h --- compat.h 2001/07/04 04:46:57 1.26 +++ compat.h 2001/09/18 14:30:33 @@ -50,6 +50,7 @@ #define SSH_BUG_HBSERVICE 0x00010000 #define SSH_BUG_OPENFAILURE 0x00020000 #define SSH_BUG_DERIVEKEY 0x00040000 +#define SSH_BUG_CLOSECONN 0x00100000 void enable_compat13(void); void enable_compat20(void); Index: ssh.c ==================================================================RCS file: /cvs/openssh_cvs/ssh.c,v retrieving revision 1.116 diff -u -p -r1.116 ssh.c --- ssh.c 2001/09/12 18:32:20 1.116 +++ ssh.c 2001/09/18 14:30:35 @@ -1149,8 +1149,10 @@ ssh_session2_command(void) debug3("ssh_session2_command: channel_new: %d", c->self); channel_send_open(c->self); - channel_register_callback(c->self, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, - ssh_session2_callback, (void *)0); + if (!no_shell_flag) + channel_register_callback(c->self, + SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, + ssh_session2_callback, (void *)0); return c->self; } 
@@ -1163,7 +1165,8 @@ ssh_session2(void) /* XXX should be pre-session */ ssh_init_forwarding(); - id = no_shell_flag ? -1 : ssh_session2_command(); + id = no_shell_flag && !(datafellows & SSH_BUG_CLOSECONN) ? + -1 : ssh_session2_command(); /* If requested, let ssh continue in the background. */ if (fork_after_authentication_flag)
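
Review bot: In the compat.h hunk, SSH_BUG_CLOSECONN is assigned 0x00100000 although the last flag shown, SSH_BUG_DERIVEKEY, is 0x00040000, so bit 0x00080000 is skipped with no explanation. Either use 0x00080000 or add a comment that the bit is reserved. The new define also needs a one-line comment describing the peer behaviour it works around, because neither the name nor the three compat.c table entries that now carry it say what "close conn" refers to.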
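
Review bot: In ssh_session2_command(), the new `if (!no_shell_flag)` guards only channel_register_callback(); channel_send_open(c->self) still runs, so with -N the session channel is opened and its SSH2_MSG_CHANNEL_OPEN_CONFIRMATION is left without a handler. If that is intended (a channel opened only to keep the connection alive), say so in a comment above the if, since a later reader will otherwise take the missing callback for an oversight.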
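
Review bot: In ssh_session2(), the assignment `id = no_shell_flag && !(datafellows & SSH_BUG_CLOSECONN) ? -1 : ssh_session2_command();` relies on && binding tighter than ?:, which is correct as written but easy to misread when split across two lines. Put the whole condition in parentheses and add a short comment that with -N a session channel is still opened for peers flagged SSH_BUG_CLOSECONN.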