David Bronder
2003-Sep-16 00:23 UTC
3.6.1p1/SNAP-20030910, AIX & /etc/nologin (similar to bug #178)
I'm seeing a problem under AIX (4.3.3, 5.1, 5.2) very similar to bug #178. It occurs with both 3.6.1p1 and openssh-SNAP-20030910.

If /etc/nologin is present, a session requesting a pty will hang, apparently when the sshd parent tries to close the pty slave. As in bug #178, adding a brief sleep to the child sshd anytime after the fork seems to clear up the problem (though I agree that this is not the correct solution). It seems as Darren suggested in #178 that it may be a timing thing, only for me the hang is the rule, not the exception.

In this case, with the nologin exception to the AIX loginrestrictions() code, the program continues and the child calls do_nologin(). However, just like in bug #178, the nologin output is not seen by the client. The child's fflush() call added to do_nologin() by bug #178 does not solve the problem for me.

It's almost as though, if the child exits before the parent closes the pty slave, the hang occurs; but if the parent closes the pty slave and then the child exits, everything works correctly (based on the fact that it works with the sleep and doesn't without).

Pty games aren't my strong suit, and I'm out of ideas at the moment. Is anyone else seeing this behavior, or is it just me? I can provide full (-ddd, -vvv) debugging if anyone would like to see it.

I'm not doing anything especially odd with the build options:

    ./configure --libexecdir='${exec_prefix}/bin' --sysconfdir=/etc/ssh --with-pid-dir=/etc/ssh --with-privsep-path=/var/empty/sshd --with-tcp-wrappers=/usr/local --with-kerberos5=/usr/local --with-cflags="-O3 -qstrict"

I did try w/o Kerberos, not expecting and not seeing any difference in the problem behavior. /etc/ssh/sshd_config only differs from the defaults by enabling X11Forwarding, restricting to protocol 2, and disabling Compression.

Thanks for any insight (or solutions! :).

=Dave

--
Hello World.                                          David Bronder - Systems Admin
Segmentation Fault                                    ITS-SPA, Univ. of Iowa
Core dumped, disk trashed, quota filled, soda warm.   david-bronder at uiowa.edu

Darren Tucker
2003-Sep-16 01:34 UTC
3.6.1p1/SNAP-20030910, AIX & /etc/nologin (similar to bug #178)
David Bronder wrote:
> I'm seeing a problem under AIX (4.3.3, 5.1, 5.2) very similar to bug
> #178. It occurs with both 3.6.1p1 and openssh-SNAP-20030910.
>
> If /etc/nologin is present, a session requesting a pty will hang,
> apparently when the sshd parent tries to close the pty slave.

That's not something I test often but last time I did it worked OK for me (on AIX 5.2).

What maintenance levels do you have on your boxes, and which SSH client (and protocol version) are you using?

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.