openssh unix dev - Apr 2025 - Side effect of sshd-session

This isn't a problem with openssh per se, but impacts some users on
Linux, and I wonder if I can get an amen on a netstat/net-utils
change proposal.

Splitting out sshd-session had an unfortunate side-effect: on Linux if
you are used to using netstat -antp to see what user process is
associated with which socket, the longer process name squeezes out the
username.

Prior to the change:

# netstat -antp | egrep 'EST.*sshd'
tcp        0     36 127.0.0.1:22      127.0.0.1:20560     ESTABLISHED
226228/sshd: foo

After the change:

tcp        0      0 127.0.0.1:22      127.0.0.1:40222     ESTABLISHED
5266/sshd-session:

netstat has a -W/--wide flag, but it has no impact on the width of the
proctitle info added by the -p flag.

So I created https://sourceforge.net/p/net-tools/bugs/50/ about either
making the width subject to -W, or simply increasing the #define from 20
to 30; no feedback yet so I don't know how such changes would be
received (that might be my answer).

[ Yes, netstat is old&busted and we should all be using ss, except
  ss's -p flag pulls argv[0] not proctitle, so it's no help. Also the
  process is still owned by root so a simple check like the owner of
  the process or socket doesn't really help either. ]

Does anybody else routinely make use of netstat -antp for this reason,
and miss the utility of it after this change? If so please go chime in
on that discussion, if nothing else you'll motivate me to submit a
patch.

Thanks,

-- 

Hank Leininger <hlein at korelogic.com>
8428 ED14 5268 C727 0C48  F454 846F 0637 5FEB 1612
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20250410/905b3a2d/attachment.asc>

On 10.04.25 20:12, Hank Leininger wrote:
> So I created https://sourceforge.net/p/net-tools/bugs/50/ about either
> making the width subject to -W, or simply increasing the #define from 20
> to 30
Independent of the (non)success of your improvement request:
> # netstat -natp | grep -1 ':4317.*ESTA.*22277'
> tcp        0      0 10.241.2.52:22          10.240.3.12:49806      
ESTABLISHED 18475/sshd: bongo [
> tcp        0      0 10.241.2.52:13278       10.224.2.18:4317       
ESTABLISHED 22277/otelcol-contr
> tcp        0      0 10.241.2.52:22          10.240.3.12:39690      
ESTABLISHED 17512/sshd: bongo [
> --
> tcp        0      0 10.241.2.52:22          10.240.3.12:45840      
ESTABLISHED 32642/sshd: bongo [
> tcp        0      0 10.241.2.52:16278       10.224.2.18:4317       
ESTABLISHED 22277/otelcol-contr
> tcp        0      0 10.241.2.52:22          10.240.3.12:43180      
ESTABLISHED 828/sshd: bongo [pr
> # netstat-natp | grep -1 ':4317.*ESTA.*22277'
> tcp        0      0 10.241.2.52:22          10.240.3.12:49806      
ESTABLISHED 18475/sshd: bongo [priv]
> tcp        0      0 10.241.2.52:13278       10.224.2.18:4317       
ESTABLISHED 22277//usr/bin/otelcol-contrib
--config=/etc/otelcol-contrib/config.yaml
> tcp        0      0 10.241.2.52:22          10.240.3.12:39690      
ESTABLISHED 17512/sshd: bongo [priv]
> --
> tcp        0      0 10.241.2.52:22          10.240.3.12:45840      
ESTABLISHED 32642/sshd: bongo [priv]
> tcp        0      0 10.241.2.52:16278       10.224.2.18:4317       
ESTABLISHED 22277//usr/bin/otelcol-contrib
--config=/etc/otelcol-contrib/config.yaml
> tcp        0      0 10.241.2.52:22          10.240.3.12:43180      
ESTABLISHED 828/sshd: bongo [priv]
# uuencode netstat-natp < bin/netstat-natp
begin 644 netstat-natp
M(R$O8FEN+W-H"B]B:6XO;F5T<W1A="`M;F%T<"!\(&=R97`@)ULP+3E=+R<@
M?"!S960 at +64@)W-\7"A;,2TY75LP+3E=*EPI+RXJ?%PQ+R(@.R!T<B`B7%PP
M(B`B("(@/"`O<')O8R]<,2]C;61L:6YE(#L at
96-H;WPG("UE("=S+UXO96-H
.;R`M;B`B+R<@?"!S:`H`
`
end

(I suppose the script *could* be improved so as to reproduce output 
lines that *lack* a PID+cmdline, too, like these:
> tcp        0      0 127.0.0.1:31039         127.0.0.1:56858        
TIME_WAIT   -
> tcp        0      0 10.241.2.52:13006       178.15.145.183:22      
TIME_WAIT   -
but I guess that that's not your focus *here*.)

Kind regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4336 bytes
Desc: S/MIME Cryptographic Signature
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20250411/fa743c70/attachment.p7s>