bugzilla-daemon at mindrot.org
2021-Mar-17 08:45 UTC
[Bug 3281] New: ssh client does not fail on being killed by signal (i.e. SIGTERM)
https://bugzilla.mindrot.org/show_bug.cgi?id=3281 Bug ID: 3281 Summary: ssh client does not fail on being killed by signal (i.e. SIGTERM) Product: Portable OpenSSH Version: 8.5p1 Hardware: All OS: Linux Status: NEW Severity: major Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: alexxz at alexxz.ru Created attachment 3481 --> https://bugzilla.mindrot.org/attachment.cgi?id=3481&action=edit Patch to fix the described wrong behavior How to reproduce # Make sure you have already added localhost to known hosts and have no difficulties connecting it $ ssh -V OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f 31 Mar 2020 OpenSSH_8.0p1, OpenSSL 1.1.1c FIPS 28 May 2019 OpenSSH_8.5p1, OpenSSL 1.1.1f 31 Mar 2020 $ ssh localhost sleep 1000 & sleep 2; kill $!; wait $!; echo "exit code of $! is $?" [1] 963702 [1]+ Done ssh localhost sleep 1000 exit code of 963702 is 0 What does testing code do? It runs ssh session, waits for 2 seconds to make sure connection is established well, kills ssh client and outputs its exit code. As you can see ssh client is ended successful on being killed. Correct (expected) behavior $ ssh -V OpenSSH_7.2p2, OpenSSL 1.0.2p-fips 14 Aug 2018 $ ssh localhost sleep 1000 & sleep 2; kill $!; wait $!; echo "exit code of $! is $?" [1] 24309 Killed by signal 15. [1]+ Exit 255 ssh localhost sleep 1000 exit code of 24309 is 255 Origin The issue seems was introduced by this commit https://github.com/openssh/openssh-portable/commit/b1e72df2b813ecc15bd0152167bf4af5f91c36d3 which intent was to hide extra message to verbose logging to make the client behavior better. Unfortunately this issue additionally changed the exit code of ssh client. Bugfix if (received_signal) { verbose("Killed by signal %d.", (int) received_signal); - cleanup_exit(0); + cleanup_exit(255); } /* Impact We are widely using ssh in our environment to run remote execution tasks. And the main controlling point of successful task execution is 0 exit code of ssh client. Unfortunately in rare cases ssh clients might be killed by signals and we count their termination status as successful. I feel many automation scripts in all modern Linux infrastructures are relying on ssh client exit code and currently may be a bit malfunctioning. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Mar-17 08:46 UTC
[Bug 3281] ssh client does not fail on being killed by signal (i.e. SIGTERM)
https://bugzilla.mindrot.org/show_bug.cgi?id=3281 Alexxz <alexxz at alexxz.ru> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |alexxz at alexxz.ru -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Mar-19 02:23 UTC
[Bug 3281] ssh client does not fail on being killed by signal (i.e. SIGTERM)
https://bugzilla.mindrot.org/show_bug.cgi?id=3281 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Blocks| |3270 CC| |djm at mindrot.org Resolution|--- |FIXED --- Comment #1 from Damien Miller <djm at mindrot.org> --- Fixed - thanks. This will be in OpenSSH 8.6, due for release within two months. Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=3270 [Bug 3270] Tracking bug for 8.6 release -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 05:09 UTC
[Bug 3281] ssh client does not fail on being killed by signal (i.e. SIGTERM)
https://bugzilla.mindrot.org/show_bug.cgi?id=3281 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #2 from Damien Miller <djm at mindrot.org> --- closing resolved bugs as of 8.6p1 release -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.