Darren Tucker
2021-Oct-13 04:03 UTC
older versions of OpenSSH periodically kill the connection when multiple channels are opened
On Wed, 13 Oct 2021 at 14:07, Terra Frost <terrafrost at gmail.com> wrote:
> Sometimes when I connect to older OpenSSH servers the server closes the
> connection. Doing "sudo /usr/sbin/sshd -ddd -p2222 &" gives me the
> following error:
>
> > debug1: Unable to open session: The name org.freedesktop.ConsoleKit was not provided by any .service files

Exactly which version are you seeing this with? AFAICT no version of
OpenSSH shipped by the OpenSSH team contains that debug message.

> Here's the full error log that the OpenSSH server is providing:

This is not the full log, if it was the sshd version identifier would
be present.

[...]
> debug1: Allocating pty.
> debug3: mm_request_send entering: type 28

From monitor.h this is MONITOR_REQ_PTY.

> debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY
> debug3: mm_request_receive_expect entering: type 29
> debug3: mm_request_receive entering

29 is indeed MONITOR_ANS_PTY

> debug1: Unable to open session: The name org.freedesktop.ConsoleKit was not provided by any .service files

as mentioned above this message is not present in stock OpenSSH.

> debug3: mm_request_send entering: type 157

monitor.h does not define a type 157. Debian's gssapi patch defines
up to 153 and its selinux patch defines 154 so this is something else
again.

> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 28
> debug3: mm_answer_pty entering
> debug2: session_new: allocate (allocated 1 max 10)
> debug3: session_unused: session id 1 unused
> debug1: session_new: session 1
> debug3: mm_request_send entering: type 29
> debug3: mm_answer_pty: tty /dev/pts/3 ptyfd 9
> mm_request_receive_expect: read: rtype 157 != type 29

This looks to me like the monitor and the unprivileged process are
getting out of sync although it's not clear why.

> debug1: unregistering ConsoleKit session (null)

this is also not from the stock OpenSSH code.

> I haven't seen this issue on SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 or
> later versions but, none-the-less, this error is causing some unit tests to
> fail, intermittently.

That's a version that doesn't have the problem. Which versions do
have the problem?

> Should I make it so that the client won't open up multiple channels on
> versions of OpenSSH older than 7.2?

That's up to you, but it looks like this problem is specific to a
vendor modified version.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
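Added example (not part of the thread and not OpenSSH code): a small Python check for the monitor/unprivileged-process desync discussed in the message above, run over `sshd -ddd` output. It pairs each "rtype X != type Y" failure with the most recent logged mm_request_send of type X and the debug1 line before it; the sample log is abridged from the lines quoted in the thread, and `find_desync` and its field names are hypothetical.

```python
import re

# Abridged from the sshd -ddd lines quoted in the thread, one message per line.
SAMPLE_LOG = """\
debug1: Allocating pty.
debug3: mm_request_send entering: type 28
debug3: mm_request_receive_expect entering: type 29
debug3: mm_request_receive entering
debug1: Unable to open session: The name org.freedesktop.ConsoleKit was not provided by any .service files
debug3: mm_request_send entering: type 157
debug3: monitor_read: checking request 28
debug3: mm_answer_pty entering
debug3: mm_request_send entering: type 29
mm_request_receive_expect: read: rtype 157 != type 29
"""

SEND = re.compile(r"mm_request_send entering: type (\d+)")
EXPECT = re.compile(r"mm_request_receive_expect entering: type (\d+)")
MISMATCH = re.compile(r"mm_request_receive_expect: read: rtype (\d+) != type (\d+)")

NAMES = {28: "MONITOR_REQ_PTY", 29: "MONITOR_ANS_PTY"}  # the two named in the thread
MAX_TYPE_IN_THREAD = 154  # thread: Debian gssapi patch up to 153, selinux patch 154


def find_desync(log):
    """Return one finding per monitor type mismatch, with the logged send it matches."""
    findings, sends, last_debug1, waiting_for = [], [], None, None
    for no, line in enumerate(log.splitlines(), 1):
        if line.startswith("debug1: "):
            last_debug1 = line[len("debug1: "):]
        if m := SEND.search(line):
            sends.append((no, int(m.group(1)), last_debug1, waiting_for))
        elif m := EXPECT.search(line):
            waiting_for = int(m.group(1))
        elif m := MISMATCH.search(line):
            got, want = int(m.group(1)), int(m.group(2))
            # Most recent logged send carrying the type that was actually read.
            src = next((s for s in reversed(sends) if s[1] == got), (None, got, None, None))
            findings.append({
                "line": no, "expected": want, "got": got,
                "expected_name": NAMES.get(want), "got_name": NAMES.get(got),
                "outside_known_range": got > MAX_TYPE_IN_THREAD,
                "sent_at_line": src[0], "preceding_debug1": src[2],
                "sent_while_waiting_for": src[3],
            })
    return findings

if __name__ == "__main__":
    print(find_desync(SAMPLE_LOG))
```

A finding with `outside_known_range` set and a `preceding_debug1` message that stock OpenSSH does not contain points at a vendor patch rather than the upstream monitor protocol.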
Darren Tucker
2021-Oct-13 04:09 UTC
older versions of OpenSSH periodically kill the connection when multiple channels are opened
On Wed, 13 Oct 2021 at 15:03, Darren Tucker <dtucker at dtucker.net> wrote:
[...]
> monitor.h does not define a type 157. Debian's gssapi patch defines
> up to 153 and its selinux patch defines 154 so this is something else
> again.

Looks like this is Debian's ConsoleKit patch:
https://sources.debian.org/patches/openssh/1:6.7p1-5+deb8u4/consolekit.patch/

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Terra Frost
2021-Oct-13 07:02 UTC
older versions of OpenSSH periodically kill the connection when multiple channels are opened
https://pastebin.com/q5KFKmWm is the full log in case you're curious.

But the
https://sources.debian.org/patches/openssh/1:6.7p1-5+deb8u4/consolekit.patch/
link looks like a good find!

On Tue, Oct 12, 2021 at 11:03 PM Darren Tucker <dtucker at dtucker.net> wrote:
> On Wed, 13 Oct 2021 at 14:07, Terra Frost <terrafrost at gmail.com> wrote:
> > Sometimes when I connect to older OpenSSH servers the server closes the
> > connection. Doing "sudo /usr/sbin/sshd -ddd -p2222 &" gives me the
> > following error:
> >
> > > debug1: Unable to open session: The name org.freedesktop.ConsoleKit was not provided by any .service files
>
> Exactly which version are you seeing this with? AFAICT no version of
> OpenSSH shipped by the OpenSSH team contains that debug message.
>
> > Here's the full error log that the OpenSSH server is providing:
>
> This is not the full log, if it was the sshd version identifier would
> be present.
>
> [...]
> > debug1: Allocating pty.
> > debug3: mm_request_send entering: type 28
>
> From monitor.h this is MONITOR_REQ_PTY.
>
> > debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY
> > debug3: mm_request_receive_expect entering: type 29
> > debug3: mm_request_receive entering
>
> 29 is indeed MONITOR_ANS_PTY
>
> > debug1: Unable to open session: The name org.freedesktop.ConsoleKit was not provided by any .service files
>
> as mentioned above this message is not present in stock OpenSSH.
>
> > debug3: mm_request_send entering: type 157
>
> monitor.h does not define a type 157. Debian's gssapi patch defines
> up to 153 and its selinux patch defines 154 so this is something else
> again.
>
> > debug3: mm_request_receive entering
> > debug3: monitor_read: checking request 28
> > debug3: mm_answer_pty entering
> > debug2: session_new: allocate (allocated 1 max 10)
> > debug3: session_unused: session id 1 unused
> > debug1: session_new: session 1
> > debug3: mm_request_send entering: type 29
> > debug3: mm_answer_pty: tty /dev/pts/3 ptyfd 9
> > mm_request_receive_expect: read: rtype 157 != type 29
>
> This looks to me like the monitor and the unprivileged process are
> getting out of sync although it's not clear why.
>
> > debug1: unregistering ConsoleKit session (null)
>
> this is also not from the stock OpenSSH code.
>
> > I haven't seen this issue on SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 or
> > later versions but, none-the-less, this error is causing some unit tests to
> > fail, intermittently.
>
> That's a version that doesn't have the problem. Which versions do
> have the problem?
>
> > Should I make it so that the client won't open up multiple channels on
> > versions of OpenSSH older than 7.2?
>
> That's up to you, but it looks like this problem is specific to a
> vendor modified version.
>
> --
> Darren Tucker (dtucker at dtucker.net)
> GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>