openssh bugs - Jun 2021 - [Bug 3290] ControlPersist opens shell even with -N

https://bugzilla.mindrot.org/show_bug.cgi?id=3290

            Bug ID: 3290
           Summary: ControlPersist opens shell even with -N
           Product: Portable OpenSSH
           Version: 8.5p1
          Hardware: amd64
                OS: All
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: bugzillamindroto-mzk3bxkyqa at central-intelligence.agenc
                    y

I'm trying to use an SSH tunnel through a host that only allows local
port forwarding, nothing else.

For reproducibility purposes the example in this report uses a pretty
much default ssh configuration with the users shell being a shell
script echoing that the user isn't supposed to login and then exits.

As I'm defaulting to using ControlMaster and ControlPersist in my
ssh_config I came across this, as it effectively makes this connection
impossible to use unless ControlMaster and ControlPath are explicitly
disabled for this destination.

A working example would be

ssh -F /dev/null -vvv -N -o ControlMaster=auto -o ControlPath=~/cptest
localhost

In this case I can open a connection and nothing happens, as expected.
Adding a port forward with -L works fine too and I can reach the
intended destination. Great.

Once I add ControlPersist to this command however it breaks:

ssh -F /dev/null -vvv -N -o ControlMaster=auto -o ControlPath=~/cptest
-o ControlPersist=5 localhost

Leading up to the exit I find this in the SSH logs (some lines
omitted):

debug2: channel 2: request shell confirm 1
debug2: shell request accepted on channel 2
This is not a real shell, you are not supposed to login.
debug1: client_input_channel_req: channel 2 rtype exit-status reply 0
debug3: mux_exit_message: channel 2: exit message, exitval 0

The message is coming from the users shell.

The ControlMaster keeps running in the background until ControlPersist
times out. I can also verify that it still has a working session as I
can access a -L forwarded port before it's closing the ControlMaster
session.

Client and server config as well as -vvv client logs of both scenarios
are attached.

Tested on 8.1 (macOS), 8.2 (Linux) and 8.5 (Linux).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3290

--- Comment #1 from Richard Schwab <bugzillamindroto-mzk3bxkyqa at
central-intelligence.agency> ---
Created attachment 3490
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3490&action=edit
ssh_config

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3290

--- Comment #2 from Richard Schwab <bugzillamindroto-mzk3bxkyqa at
central-intelligence.agency> ---
Created attachment 3491
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3491&action=edit
sshd_config

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3290

--- Comment #3 from Richard Schwab <bugzillamindroto-mzk3bxkyqa at
central-intelligence.agency> ---
Created attachment 3492
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3492&action=edit
client logs with ControlPersist

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3290

--- Comment #4 from Richard Schwab <bugzillamindroto-mzk3bxkyqa at
central-intelligence.agency> ---
Created attachment 3493
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3493&action=edit
client logs without ControlPersist

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3290

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org,
                   |                            |dtucker at dtucker.net
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
             Status|NEW                         |ASSIGNED
   Attachment #3512|                            |ok?(dtucker at dtucker.net)
              Flags|                            |

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Created attachment 3512
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3512&action=edit
handle -N with ControlPersist

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3290

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |3302


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3302
[Bug 3302] Tracking bug for openssh-8.7
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3290

--- Comment #6 from Damien Miller <djm at mindrot.org> ---
A similar fix was committed in 1e9fa55f4dc4b and will be in OpenSSH 8.7

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3290

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3290

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #7 from Damien Miller <djm at mindrot.org> ---
closing bugs resolved before openssh-8.9

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3290

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3512|ok?(dtucker at dtucker.net)    |
              Flags|                            |

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.