openssh unix dev - Jul 2002 - so-called-hang-on-exit

so, should this go into 3.5?

Index: serverloop.c
==================================================================RCS file:
/home/markus/cvs/ssh/serverloop.c,v
retrieving revision 1.103
diff -u -r1.103 serverloop.c
--- serverloop.c	24 Jun 2002 14:33:27 -0000	1.103
+++ serverloop.c	12 Jul 2002 16:34:20 -0000
@@ -388,6 +388,11 @@
 			buffer_append(&stderr_buffer, buf, len);
 		}
 	}
+	/* allow data loss on pty */
+	if (child_terminated && fderr == -1 && !fdout_eof) {
+		close(fdout);
+		fdout_eof = 1;
+	}
 }
 
 /*
Index: session.c
==================================================================RCS file:
/home/markus/cvs/ssh/session.c,v
retrieving revision 1.143
diff -u -r1.143 session.c
--- session.c	30 Jun 2002 21:54:16 -0000	1.143
+++ session.c	12 Jul 2002 16:35:32 -0000
@@ -1629,11 +1629,15 @@
 	/*
 	 * emulate a write failure with 'chan_write_failed', nobody will be
 	 * interested in data we write.
-	 * Note that we must not call 'chan_read_failed', since there could
+	 * Note that for the non-pty case we must not call 'chan_read_failed',
+	 * since there could
 	 * be some more data waiting in the pipe.
 	 */
 	if (c->ostate != CHAN_OUTPUT_CLOSED)
 		chan_write_failed(c);
+	/* allow data loss on pty */
+	if (s->ttyfd != -1 && c->istate == CHAN_INPUT_OPEN)
+		chan_read_failed(c);       
 	s->chanid = -1;
 }

It's been working fantastically for me.
/fc

On Wed, Jul 31, 2002 at 06:35:47PM +0200, Markus Friedl
wrote:
> so, should this go into 3.5?
> 
> Index: serverloop.c
> ==================================================================> RCS
file: /home/markus/cvs/ssh/serverloop.c,v
> retrieving revision 1.103
> diff -u -r1.103 serverloop.c
> --- serverloop.c	24 Jun 2002 14:33:27 -0000	1.103
> +++ serverloop.c	12 Jul 2002 16:34:20 -0000
> @@ -388,6 +388,11 @@
>  			buffer_append(&stderr_buffer, buf, len);
>  		}
>  	}
> +	/* allow data loss on pty */
> +	if (child_terminated && fderr == -1 && !fdout_eof) {
> +		close(fdout);
> +		fdout_eof = 1;
> +	}
>  }
>  
>  /*
> Index: session.c
> ==================================================================> RCS
file: /home/markus/cvs/ssh/session.c,v
> retrieving revision 1.143
> diff -u -r1.143 session.c
> --- session.c	30 Jun 2002 21:54:16 -0000	1.143
> +++ session.c	12 Jul 2002 16:35:32 -0000
> @@ -1629,11 +1629,15 @@
>  	/*
>  	 * emulate a write failure with 'chan_write_failed', nobody will
be
>  	 * interested in data we write.
> -	 * Note that we must not call 'chan_read_failed', since there
could
> +	 * Note that for the non-pty case we must not call
'chan_read_failed',
> +	 * since there could
>  	 * be some more data waiting in the pipe.
>  	 */
>  	if (c->ostate != CHAN_OUTPUT_CLOSED)
>  		chan_write_failed(c);
> +	/* allow data loss on pty */
> +	if (s->ttyfd != -1 && c->istate == CHAN_INPUT_OPEN)
> +		chan_read_failed(c);       
>  	s->chanid = -1;
>  }
>  
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>

Also cures HP-UX 9.05 using OpenSSH_3.4p1

-- 
John H. Dunlap                        University of Washington
Senior Electrical Engineer            Applied Physics Laboratory
dunlap at apl.washington.edu             1013 NE 40th Street
206-543-7207, 543-1300, FAX 543-6785  Seattle, WA   98105-6698

On Wed, 31 Jul 2002, Markus Friedl wrote:
> so, should this go into 3.5?
I vote no, it should not. Here is why:
 
> +	/* allow data loss on pty */
And it indeed happens. After applying this patch, if I say 
'ssh -t localhost pico' and then exit pico I get a garbled screen. 
Picos screen clearing and terminal attribute resetting escape 
sequences are lost because of allowing data loss on pty (pico is just an 
example. I guess most tty programs will behave the same.).

Here is another example (my test sshd lives behind port 444):

<CLIP>
$ ssh -t localhost -p 444 exec echo blah
blah
Connection to localhost closed.
$ ssh -t localhost -p 444 exec echo blah
Connection to localhost closed.
$ ssh -t localhost -p 444 exec echo blah
blah
</CLIP>

So sometimes just 'echo blah' is lost.

My suggestion is that instead of just closing the channel when the 
session process dies, sshd should effort to empty the pty buffer before 
closing the channel. This could be implemented so that 
when the session process dies, sshd should read (and buffer) the pty 
master data until it gets EAGAIN and then close the channel. All 
pending output from dead session processes should allready be in the pty 
buffer, so first EAGAIN means that all of it has been read processed.

I guess I will attempt to implement this, but it will take some time (I 
will need to learn how session.c and serverloop.c work first).

- Jani

So, this forcefully closes stdout when the session process
leader exits and stderr is already closed?

I'm not sure why that would be a good thing... What am I missing?

The hang-on-exit go around has gone round so many times... -
why buckle now on the position that it's the client's
responsibility to decide to close the SSH connection early
when the session exits, as users expect, and not sshd's?

Why not have an option for the client to do this?

Cheers,

Nico
-- 
> -----Original Message-----
> From: Markus Friedl [mailto:markus at openbsd.org]
> Sent: Wednesday, July 31, 2002 12:36 PM
> To: openssh-unix-dev at mindrot.org
> Subject: so-called-hang-on-exit
> 
> 
> so, should this go into 3.5?
> 
> Index: serverloop.c
> ==================================================================[...]
> Index: session.c
> ==================================================================[...]
Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

I still think this sort of thing should be done by the client.

The client knows everything that the server knows. So the client
can choose to terminate the SSHv2 session when the PTY session
process leader exits - and it can implement any other termination
heuristic you wish too.

Nico
-- 
> -----Original Message-----
> From: Jani Jaakkola [mailto:jjaakkol at cs.helsinki.fi]
> Sent: Saturday, August 03, 2002 3:02 PM
> To: openssh-unix-dev at mindrot.org
> Subject: Re: so-called-hang-on-exit
> 
[...]
> OK, now I have implemented it. Currently only for protocol 2, but a 
> similar thing can be implemented for protocol 1 (and the 
> protocol 1 patch 
> would be simpler).
> 
> Here is what it does (or should do; I have made mistakes before):
> 
> - Applies against openssh-3.4p1
> - This patch only changes behavior of ssh protocol 2 sessions 
> with a tty.
>   Everything else should remain as it was.
> - It does its job by reading all immediately available data from the
>   pty when the pty session process dies. This should include all data
>   from the pty session foreground processes.
> - It can and will lose data from pty session background processes.
> - It might still hang indefinetely, if the background processes keep
>   producing more data than the sshd process can read and transfer to 
>   client (so that pty buffer will never get completely 
> empty). I consider 
>   this a feature of this solution, not a bug.
[...]

Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

On Mon, 5 Aug 2002 Nicolas.Williams at ubsw.com wrote:
> 
> I still think this sort of thing should be done by the client.
> 
> The client knows everything that the server knows.
Except this time is does not. If there is background processses on the 
tty, the client can either close the session and lose data or wait 
indefinetely for data from the background processes.
> So the client
> can choose to terminate the SSHv2 session when the PTY session
> process leader exits - and it can implement any other termination
> heuristic you wish too.
It needs server modifications that data from the pty session process 
leaders is not lost. I think rlogin and all other pty using programs have 
allready implemented this properly; which is that the pty buffer is 
first emptied and the connection is closed _after_ that.

- Jani

Fair enough on the flushing of the pty. But sshd should still
not close the pty - it should wait for the background processes
to exit and/or dissassociate from the pty.

The client does know that there are background processes left
still holding the pty open. How? Because the client requested
and got a pty, the sshd has sent a session-exit message, and
the channel is still open.

Cheers,

Nico
-- 
> -----Original Message-----
> From: Jani Jaakkola [mailto:jjaakkol at cs.Helsinki.FI]
> Sent: Monday, August 05, 2002 4:20 PM
> To: Williams, Nicolas
> Cc: openssh-unix-dev at mindrot.org
> Subject: RE: so-called-hang-on-exit
> 
> 
> On Mon, 5 Aug 2002 Nicolas.Williams at ubsw.com wrote:
> 
> > 
> > I still think this sort of thing should be done by the client.
> > 
> > The client knows everything that the server knows.
> 
> Except this time is does not. If there is background 
> processses on the 
> tty, the client can either close the session and lose data or wait 
> indefinetely for data from the background processes.
> 
> > So the client
> > can choose to terminate the SSHv2 session when the PTY session
> > process leader exits - and it can implement any other termination
> > heuristic you wish too.
> 
> It needs server modifications that data from the pty session process 
> leaders is not lost. I think rlogin and all other pty using 
> programs have 
> allready implemented this properly; which is that the pty buffer is 
> first emptied and the connection is closed _after_ that.
> 
> - Jani
> 
> 
Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

>Fair enough on the flushing of the pty. But sshd should still not close
>the pty - it should wait for the background processes to exit and/or
>dissassociate from the pty.
>
>The client does know that there are background processes left still
>holding the pty open. How? Because the client requested and got a pty,
>the sshd has sent a session-exit message, and the channel is still open.
>
>Cheers,
>
>Nico --
This is an oversimplification of the problem and what I consider to be the
main reason why the problem has not been fixed. Consider the situation
where a sysadm needs to log into a host, kill and restart a daemon.
Naturally the daemon has not been properly written through no fault of the
sysadmin who is merely and innocent victim of the ssh server. Upon logout
the terminal window hangs.... duh!!!! Again I ask, why should we be held
hostage to poorly written daemons just so you purists can say that not a
single byte of data has been lost that might someday be attempted to be
sent to pty connection that is trying desperately to disconnect???

The argument will not go away until some one fixes this BUG. Your argument
that the "client knows" is simplistic. Sure, we know that people write
buggy software and buggy daemons that do not properly redirect their
STDOUT and STDERR. That does not meant that we should
accomodate their stupidity and hang our own systems up because of it. At
the very least, make it a server configuration option that connections
will be closed unconditionally if requested by the client to do so. This
way we can rid our systems of hung sshd processes that fill up the process
table.

Michael

> -----Original Message-----
> From: Jani Jaakkola [mailto:jjaakkol at cs.Helsinki.FI]
> Sent: Monday, August 05, 2002 4:20 PM
> To: Williams, Nicolas
> Cc: openssh-unix-dev at mindrot.org
> Subject: RE: so-called-hang-on-exit
>
>
> On Mon, 5 Aug 2002 Nicolas.Williams at ubsw.com wrote:
>
> >
> > I still think this sort of thing should be done by the client.
> >
> > The client knows everything that the server knows.
>
> Except this time is does not. If there is background
> processses on the
> tty, the client can either close the session and lose data or wait
> indefinetely for data from the background processes.
>
> > So the client
> > can choose to terminate the SSHv2 session when the PTY session
> > process leader exits - and it can implement any other termination
> > heuristic you wish too.
>
> It needs server modifications that data from the pty session process
> leaders is not lost. I think rlogin and all other pty using
> programs have
> allready implemented this properly; which is that the pty buffer is
> first emptied and the connection is closed _after_ that.
>
> - Jani
>
>

BTW, it's not a "so-called-hang-on-exit". It DOES hang on exit,
there is
no question about it. The discussion is about how to fix it. Claiming that
it is "proper" doesn't fix the problem or keep people for
reporting it as
a bug over and over again. The client user really does want the process to
close when you say "exit", notwithstanding that there may be and
outstanding process that could possibly return data. Such is life.
>> On Mon, Aug 05, 2002 at 02:53:32PM -0700, Michael Robinton wrote:
>> sysadmin who is merely and innocent victim of the ssh server. Upon
>>logout the terminal window hangs....
>>
>... and the admin presses ~. if he really want's to close
>the connection. so what's the problem?
>
>-m
The problem is that it affects not only the knowledgable?? sysadmins but
all users. It is a nusiance and an agravation. Some users don't know
about ~ and some scripts which start remote processes via ssh get stuck
with a hung connection. What's the problem with having sshd close the
connects AS ASKED by sshd-config option which you can set to leave your
system hanging if you wish to do so??? Please don't force the rest of us
to deal with a hung script or blank window when we want to EXIT just
becasue you think we should not loose the data we clearly don't want.
Additionally, I really don't want my systems cluttered up with hung sshd
processes started by remote users that can't figure out how to deal with a
difficult implementation of ssh.

I'm not bitching about ssh or the development. I think it's a fine
program
and you are all to be commended for it's development and improvement. But,
lets get real about what users (not always so bright) and daemon
developers (sometimes really dim) expect from ssh. When I log off a
terminal window, I expect it to close. When I start a remote daemon, I
expect to be able to disconnect from the remote host whether it is via a
terminal window or a script.

Michael

> So,
>
>You reach a certain timeout, and you get notified of something like:
>
>"Badly written shell processes are running, please hit ~ to force ssh
>connection closure."
>
fat lot of good that does a script
>Then every end user knows about the "way to close ssh even when shell
>scripts are badly written", and they also get notified of the fact that
>something they did in their session was "wrong", so they can even
rectify
>that problem.
What about most users that didn't write the "badly written
daemon". Are
they suppose to learn how to maintain other people's stuff???
>
>The end user is not aware that the things they did were "wrong",
most
>probably because most other remote "shells" behave differently, so
since
>OpenSSHs behaviour is not "common" then the end user should be
made
>aware.
Again, this oversimplifies the problem. We can make ssh difficult to use
or easy to use -- gee why do you think Windoze is so popular --

since ~ will unconditionally close a terminal window, what's wrong with a
config option to do this automagically if the sysadmin wishes to configure
sshd in this fashion. Give me a good reason (other than academic) why when
the user or script says "bye now" that sshd should not take them
seriously.

Michael
>
>Damien
>
>At 04:18 PM 5/08/2002 -0700, Michael Robinton wrote:
>BTW, it's not a "so-called-hang-on-exit". It DOES hang on
exit, there is
>no question about it. The discussion is about how to fix it. Claiming
>that
>it is "proper" doesn't fix the problem or keep people for
reporting it as
>a bug over and over again. The client user really does want the process
>to
>close when you say "exit", notwithstanding that there may be and
>outstanding process that could possibly return data. Such is life.
>
> >> On Mon, Aug 05, 2002 at 02:53:32PM -0700, Michael Robinton wrote:
> >> sysadmin who is merely and innocent victim of the ssh server. Upon
> >>logout the terminal window hangs....
> >>
> >... and the admin presses ~. if he really want's to close
> >the connection. so what's the problem?
> >
> >-m
>
>The problem is that it affects not only the knowledgable?? sysadmins but
>all users. It is a nusiance and an agravation. Some users don't know
>about ~ and some scripts which start remote processes via ssh get stuck
>with a hung connection. What's the problem with having sshd close the
>connects AS ASKED by sshd-config option which you can set to leave your
>system hanging if you wish to do so??? Please don't force the rest of us
>to deal with a hung script or blank window when we want to EXIT just
>becasue you think we should not loose the data we clearly don't want.
>Additionally, I really don't want my systems cluttered up with hung sshd
>processes started by remote users that can't figure out how to deal with
a
>difficult implementation of ssh.
>
>I'm not bitching about ssh or the development. I think it's a fine
program
>and you are all to be commended for it's development and improvement.
But,
>lets get real about what users (not always so bright) and daemon
>developers (sometimes really dim) expect from ssh. When I log off a
>terminal window, I expect it to close. When I start a remote daemon, I
>expect to be able to disconnect from the remote host whether it is via a
>terminal window or a script.
>
>Michael

Michael,

You misunderstood me. I stated that the so called "bug" could/should
be fixed in the client, rather than the server.

Nico
-- 

Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

Why are putting a timeout into the sshd's select() when flushing
the PTY?

I'll admit I've neither tried the patch nor really read it. But if
you'll rely on timeouts on one side, why not on the other. There's
the heuristic. I mean, if you want it to be totally correct then
sshd just has to wait for the pty to close - any other approach
has to be a heuristic and will allow for data lossage.

But then, you all seem to be happy with data lossage, whereas I'm
not happy to be forced to suffer it. So why not a client side
heuristic, like this:

if (session-exit && open_channels == 1) {
    set_timeout(1); /* 1 second - or as configured */
}
...

and in the event loop add a check for (open_sessions == 0 &&
open_channels == 1 && open_channel_has_pty()) and then close the
channel and do the right thing (exit).

Forgive my pseudo-code.

I mean, if we're gonna have a heuristic, why not put it on the
client side, where all users can decide whether or not to turn
it on (whereas they can't if the heuristic is implemented on
the server side - not without adding a special channel request
for it [ick!]).

Cheers,

Nico
-- 
> -----Original Message-----
> From: Frank Cusack [mailto:fcusack at fcusack.com]
> Sent: Tuesday, August 06, 2002 2:21 AM
> To: Williams, Nicolas
> Cc: jjaakkol at cs.Helsinki.FI; openssh-unix-dev at mindrot.org
> Subject: Re: so-called-hang-on-exit
> 
> 
> How does the client know the pty has been flushed and it's 
> not just that
> sshd has not set the right bit in the select mask (since it 
> does or does not
> set it according to some heuristic)?  ie, just b/c the client 
> isn't getting
> data doesn't mean the pty has been flushed.  Right?
> 
> /fc
> 
> On Mon, Aug 05, 2002 at 04:31:26PM -0400, 
> Nicolas.Williams at ubsw.com wrote:
> > 
> > Fair enough on the flushing of the pty. But sshd should still
> > not close the pty - it should wait for the background processes
> > to exit and/or dissassociate from the pty.
> > 
> > The client does know that there are background processes left
> > still holding the pty open. How? Because the client requested
> > and got a pty, the sshd has sent a session-exit message, and
> > the channel is still open.
> > 
> > Cheers,
> > 
> > Nico
> > -- 
> > 
> > > -----Original Message-----
> > > From: Jani Jaakkola [mailto:jjaakkol at cs.Helsinki.FI]
> > > Sent: Monday, August 05, 2002 4:20 PM
> > > To: Williams, Nicolas
> > > Cc: openssh-unix-dev at mindrot.org
> > > Subject: RE: so-called-hang-on-exit
> > > 
> > > 
> > > On Mon, 5 Aug 2002 Nicolas.Williams at ubsw.com wrote:
> > > 
> > > > 
> > > > I still think this sort of thing should be done by the
client.
> > > > 
> > > > The client knows everything that the server knows.
> > > 
> > > Except this time is does not. If there is background 
> > > processses on the 
> > > tty, the client can either close the session and lose 
> data or wait 
> > > indefinetely for data from the background processes.
> > > 
> > > > So the client
> > > > can choose to terminate the SSHv2 session when the PTY
session
> > > > process leader exits - and it can implement any other 
> termination
> > > > heuristic you wish too.
> > > 
> > > It needs server modifications that data from the pty 
> session process 
> > > leaders is not lost. I think rlogin and all other pty using 
> > > programs have 
> > > allready implemented this properly; which is that the pty 
> buffer is 
> > > first emptied and the connection is closed _after_ that.
> > > 
> > > - Jani
> 
Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

On Tuesday, August 06, Michael Robinton wrote:
> Make it an option that can be set in both sshd-config and 
> ssh-config so
> that both client and server operators have the choice to 
> never lose data
> or to always disconnect, damn the data, full speed ahead :-)
You can't make it a client-side option if it's implemented on the
server side without extending the SSHv2 protocol [by adding a new
channel request type].

So now you're saying you'd be happy with a client-side option (which
you'd default a particular way, and I another, in ssh_config).

So you've come around to my position :)

Q.E.D.,

Nico
-- 

Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

> Hm, so still the only thing we could do is wait for EOF,
> until someone can explain why Linux/Solaris behave different
> from *BSD....
What's the difference, again?

Nico
-- 

Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

I meant, what is the difference in behaviour in technical terms.

E.g., "the BSD pty master gets EOF as soon as all processes in the
pty's
controlling process group exit, whereas on Linux the pty master EOFs
only when there are no open file descriptors for the pty."

And what server-side, user-level heuristic could "correct" for this
difference?

Cheers,

Nico
-- 
> -----Original Message-----
> From: Craig J Copi [mailto:cjc5 at po.cwru.edu]
> Sent: Tuesday, August 06, 2002 1:19 PM
> To: Williams, Nicolas
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: so-called-hang-on-exit 
> 
> 
> Nicolas.Williams at ubsw.com writes:
> >
> >What's the difference, again?
> 
> Using the following test:
> #> ssh machinename
> #> (sleep 10; echo hi) &
> #> exit
> 
> I get the following results.
> H == Hang, wait for sleep, print hi, then exit
> NH == Exit immediately (hi not printed)
> 
> client\server |  Linux  | OpenBSD
> --------------+---------+--------
> Linux         |    H    |  NH
> OpenBSD       |    H    |  NH
> 
> 
> Using the following test:
> #> ssh machinename '(sleep 10; echo hi) &'
> 
> I get the following results.
> 
> client\server |  Linux  | OpenBSD
> --------------+---------+--------
> Linux         |    H    |  H
> OpenBSD       |    H    |  H
> 
> Note:
> Linux == RH7.3 w/updates
> OpenBSD == 3.1 w/updates
> OpenSSH 3.4[p1] w/privsep running on test machines.
> 
> So why does this happen.  People seem to expect the OpenBSD behavior
> eventhough you don't get the "hi" printed in the first test
case.
> 
> Craig
> 
Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

A test program *could* be written. The test should try several
conditions to determine what the kernel/pty driver behaviour is:

 - does the pty close immediately when the session leader exits?
 - does the pty close immediately when the session leader is gone *and*
   the pty's foreground process group is orphaned (or empty?)?
 - does the pty driver send SIGHUP to all processes associated with the
   PTY when the session leader exits?

Having the answers to these questions for each of the major platforms we
can then think about how to emulate *BSD behaviour on Linux and Solaris
(assuming that it's even desired). But then, we all pretty much suspect
what the behaviour is (see previous posts in this thread).

The notion of "flushing the pty" may not be so simple because the
boundary between data last written by the session leader and data
written by background processes may be indistiguishable (would that
even be a problem?) - how does one "flush the pty" from the master
side anyways? (by reading until read() returns EWOULDBLOCK? or is there
some special ioctl() for emptying buffered data on the slave write side
to the master read side?)

And one more avenue that must be considered: why not just document the
platform differences and leave it at that? Some will be inconvenienced,
but the OpenSSH folks could just say "hey, take it to your OS vendor",
say.

Cheers,

Nico
-- 
> -----Original Message-----
> From: Ben Lindstrom [mailto:mouring at etoh.eviladmin.org]
> Sent: Tuesday, August 06, 2002 10:35 PM
> To: Carl Brewer
> Cc: Michael Robinton; openssh-unix-dev at mindrot.org
> Subject: Re: so-called-hang-on-exit
> 
> 
> 
> On Tue, 6 Aug 2002, Carl Brewer wrote:
> 
> [..]
> > > since ~ will unconditionally close a terminal window, 
> what's wrong with a
> > > config option to do this automagically if the sysadmin 
> wishes to configure
> > > sshd in this fashion. Give me a good reason (other than 
> academic) why when
> > > the user or script says "bye now" that sshd should not
take them
> > > seriously.
> >
> > Not to mention the complexity of multiple chained ssh 
> connections, how
> > many "~'s do I need to press?  I'm chained in through how
> many sessions
> > again?
> >
> > Unfortunatly, Michael, you're wasting your time.  None of the
> > developers will see it from a 'real user' perspective.  Purity
> > vs practicality, and purity wins.
> >
> 
> Your going to have to excuse me. I just got back into town after a
> wirlwind trip, but I don't think you are qualify to say that.
> 
> The question that has yet to be answered is.
> 
> *WHY* does it happen on some platforms and not others?  You 
> run OpenSSH on
> OpenBSD?  No hang.
> 
> No one has yet to even explain to us why.  If one person 
> could explain why
> without handwaving it would solve the problem because it more 
> than likely
> is a mistake on TTY handling.
> 
> - Ben
> 
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> 
Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

Jani,

Sshd normally doesn't use timeouts in the select() loop. That you're
putting a timeout into the select() call "so that the select() call
could not hang forever" indicates you fail to understand what's going
on and are actually implementing a timeout heuristic. That may be a
fine thing to do, but that is what you're doing.

Specifically, in a plain one-channel pty ssh connection to an sshd
on Solaris/Linux, after the session leader exits, if it leaves
background process groups still running, but not interacting with
the pty, then the sshd will sit there in select() waiting for:

 - client requests (as in new channel requests, channel close
   messages, or channel data, say)
 - those background process groups to write something to the pty

The user considers the session to be finished and does *nothing* or
does ~.. If he does nothing then neither does the sshd do anything.

That's what you interpret as "hanging". You want a heuristic which
"flushes" the pty and closes it as if it had produced EOF as it would
on OpenBSD. Perhaps one way to do that would be to read() in a loop
from the master pty until it returns EWOULDBLOCK, then close it and
get the process started by which the channel is then closed. Or you
can use a timeout, that is, keep select()ing on the pty master fildes
for some time then close it. The fact that you're putting a timeout
into the select() indicates that you're doing the latter.

Once the pty master fildes is closed the select loop will only select
on the SSH socket. By this time the client will know that the channel
is closed, and it (the client) will then proceed to tear down the SSH
connection (which is what you want and which will get sshd out of its
select loop and thus get sshd to exit) because that is what ssh clients
typically do when the last open channel is closed (that is what the
OpenSSH client does, though clients are not obligated to do this - they
can just reuse the SSH[v2] connection and open new channels).

Cheers,

Nico
-- 
> -----Original Message-----
> From: Jani Jaakkola [mailto:jjaakkol at cs.Helsinki.FI]
> Sent: Wednesday, August 07, 2002 3:53 PM
> To: Williams, Nicolas
> Cc: fcusack at fcusack.com; openssh-unix-dev at mindrot.org
> Subject: RE: so-called-hang-on-exit
> 
> 
> On Tue, 6 Aug 2002 Nicolas.Williams at ubsw.com wrote:
> 
> > 
> > Why are putting a timeout into the sshd's select() when flushing
> > the PTY?
> > 
> > I'll admit I've neither tried the patch nor really read it.
But if
> > you'll rely on timeouts on one side, why not on the other.
> 
> We did not rely on timeouts. The timeouts we're only made so that the 
> select() call could not hang forever.
> 
> I really did want 0 second timeouts, but the way timeout handling was 
> implemented in serverloop.c prevented that (with a minimal 
> patch at least. 
> Personally I would have liked to clean up the timeout 
> handling; Eventually 
> I will have to, since I will port my older IdleTimeout to 
> newer openssh).
> 
> - Jani
> 
> 
> 
Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

Perfect. Good patch then. Indeed, I had not read the patch.

Question: what happens to the background process groups? what
should happen to them?

By closing the pty master you cause them to get errors when
they next try to interact with the pty slave. Shouldn't they
get SIGHUP? Sshd cannot figure out what the process groups
are, so it can't send them SIGHUP; but an external script
could use the proc tools/ps/lsof to find all those orphaned
process groups and HUP them.

Traditionally you need nohup(1) to start background jobs which
should survive sessions...

Cheers,

Nico
-- 
> -----Original Message-----
> From: Jani Jaakkola [mailto:jjaakkol at cs.Helsinki.FI]
> Sent: Wednesday, August 07, 2002 4:26 PM
> To: Williams, Nicolas
> Cc: fcusack at fcusack.com; openssh-unix-dev at mindrot.org
> Subject: RE: so-called-hang-on-exit
> 
[...] 
> I did not implement any such thing. Read the patch.
> 
> My second patch has no timeouts at all, but it provides 
> almost exactly the 
> same behaviour as the first.
[...] 
> That was exactly what I did.
[...]
> You did not read the patch. I was doing the former.
> 
> As I already said, the fact that the in the first patch was 
> something else 
> that 0ms was because I had to work around some historical code in the 
> openssh select loop, which was not written by me. I would be 
> happy to fix 
> it though, and probably will provide a patch for it 
> (IdleTimeout will need 
> it).
[...]
> I agree with all this.
> 
> - Jani
> 
> 
> 
Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.