This isn't a problem with openssh per se, but impacts some users on Linux, and I wonder if I can get an amen on a netstat/net-utils change proposal. Splitting out sshd-session had an unfortunate side-effect: on Linux if you are used to using netstat -antp to see what user process is associated with which socket, the longer process name squeezes out the username. Prior to the change: # netstat -antp | egrep 'EST.*sshd' tcp 0 36 127.0.0.1:22 127.0.0.1:20560 ESTABLISHED 226228/sshd: foo After the change: tcp 0 0 127.0.0.1:22 127.0.0.1:40222 ESTABLISHED 5266/sshd-session: netstat has a -W/--wide flag, but it has no impact on the width of the proctitle info added by the -p flag. So I created https://sourceforge.net/p/net-tools/bugs/50/ about either making the width subject to -W, or simply increasing the #define from 20 to 30; no feedback yet so I don't know how such changes would be received (that might be my answer). [ Yes, netstat is old&busted and we should all be using ss, except ss's -p flag pulls argv[0] not proctitle, so it's no help. Also the process is still owned by root so a simple check like the owner of the process or socket doesn't really help either. ] Does anybody else routinely make use of netstat -antp for this reason, and miss the utility of it after this change? If so please go chime in on that discussion, if nothing else you'll motivate me to submit a patch. Thanks, -- Hank Leininger <hlein at korelogic.com> 8428 ED14 5268 C727 0C48 F454 846F 0637 5FEB 1612 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Digital signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20250410/905b3a2d/attachment.asc>
On 10.04.25 20:12, Hank Leininger wrote:> So I created https://sourceforge.net/p/net-tools/bugs/50/ about either > making the width subject to -W, or simply increasing the #define from 20 > to 30Independent of the (non)success of your improvement request:> # netstat -natp | grep -1 ':4317.*ESTA.*22277' > tcp 0 0 10.241.2.52:22 10.240.3.12:49806 ESTABLISHED 18475/sshd: bongo [ > tcp 0 0 10.241.2.52:13278 10.224.2.18:4317 ESTABLISHED 22277/otelcol-contr > tcp 0 0 10.241.2.52:22 10.240.3.12:39690 ESTABLISHED 17512/sshd: bongo [ > -- > tcp 0 0 10.241.2.52:22 10.240.3.12:45840 ESTABLISHED 32642/sshd: bongo [ > tcp 0 0 10.241.2.52:16278 10.224.2.18:4317 ESTABLISHED 22277/otelcol-contr > tcp 0 0 10.241.2.52:22 10.240.3.12:43180 ESTABLISHED 828/sshd: bongo [pr> # netstat-natp | grep -1 ':4317.*ESTA.*22277' > tcp 0 0 10.241.2.52:22 10.240.3.12:49806 ESTABLISHED 18475/sshd: bongo [priv] > tcp 0 0 10.241.2.52:13278 10.224.2.18:4317 ESTABLISHED 22277//usr/bin/otelcol-contrib --config=/etc/otelcol-contrib/config.yaml > tcp 0 0 10.241.2.52:22 10.240.3.12:39690 ESTABLISHED 17512/sshd: bongo [priv] > -- > tcp 0 0 10.241.2.52:22 10.240.3.12:45840 ESTABLISHED 32642/sshd: bongo [priv] > tcp 0 0 10.241.2.52:16278 10.224.2.18:4317 ESTABLISHED 22277//usr/bin/otelcol-contrib --config=/etc/otelcol-contrib/config.yaml > tcp 0 0 10.241.2.52:22 10.240.3.12:43180 ESTABLISHED 828/sshd: bongo [priv]# uuencode netstat-natp < bin/netstat-natp begin 644 netstat-natp M(R$O8FEN+W-H"B]B:6XO;F5T<W1A="`M;F%T<"!\(&=R97`@)ULP+3E=+R<@ M?"!S960 at +64@)W-\7"A;,2TY75LP+3E=*EPI+RXJ?%PQ+R(@.R!T<B`B7%PP M(B`B("(@/"`O<')O8R]<,2]C;61L:6YE(#L at 96-H;WPG("UE("=S+UXO96-H .;R`M;B`B+R<@?"!S:`H` ` end (I suppose the script *could* be improved so as to reproduce output lines that *lack* a PID+cmdline, too, like these:> tcp 0 0 127.0.0.1:31039 127.0.0.1:56858 TIME_WAIT - > tcp 0 0 10.241.2.52:13006 178.15.145.183:22 TIME_WAIT -but I guess that that's not your focus *here*.) Kind regards, -- Jochen Bern Systemingenieur Binect GmbH -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4336 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20250411/fa743c70/attachment.p7s>
Maybe Matching Threads
- Subsystem sftp invoked even though forced command created
- Identify multiple users doing reverse port FWD with their pubkeys
- problem with dynamic speex library under windows
- S4 classes and objects -- fixed structure? No...
- Identify multiple users doing reverse port FWD with their pubkeys