search for: packet_set_connection

While looking for leaks I came across two old packet APIs which are easy to remove. I'm sending patches for each separately. First, there is the packet_set_connection(int fd_in, int fd_out) function in opacket.c The function relies on a behavior in ssh_packet_set_connection() where, when it is passed a NULL pointer, it will implicitely allocate a struct ssh and return it after then set the fds in it. sshd.c appears to be the only place where the API is stil...

Dear OpenSSH Portable sshd developers, I'm having a problem where sshd login sessions are occasionally (as often as once a day) getting stuck indefinitely. I enabled debug messages and got a backtrace of a stuck sshd, and I think I've found the bug. I wanted to run it by the list once before filing. sshd version: OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004

...remote_ipaddr(), a connection's socket is already closed and there's not been any other call of this function yet so canonical_host_ip from canohost.c is still NULL and the function returns "UNKNOWN". I think that it could be workarounded by calling get_remote_ipaddr() right after packet_set_connection(), e.g. using another debug message, see bellow, or there could be set_remote_ipaddr() in canonhost.c for that. --- a/sshconnect.c +++ b/sshconnect.c @@ -62,6 +62,7 @@ #include "monitor_fdpass.h" #include "ssh2.h" #include "version.h" +#include "canohost.h&quo...

...+++ openssh-2.3.0p1-new/ssh.h Tue Nov 14 07:51:15 2000 @@ -321,11 +321,12 @@ * privileges if anonymous is false. Connection_attempts specifies the * maximum number of tries, one per second. This returns true on success, * and zero on failure. If the connection is successful, this calls - * packet_set_connection for the connection. + * packet_set_connection for the connection. Retry_delay specifies the seconds + * to wait between connection attempts. */ int ssh_connect(const char *host, struct sockaddr_storage * hostaddr, - u_short port, int connection_attempts, + u_short port, int connection_att...

On Sat, Jan 7, 2017 at 2:30 PM, Peter Moody <mindrot at hda3.com> wrote: > so I spent a bit of time looking at this and it seems like the only > way to go, at least if I want to keep it in ssh_connect_direct(), is > to use pthreads. further, it seems like getting that accepted is > something of a long shot: Sorry, pthreads is a non-starter. I would have thought that using

...ily=2,ai->ai_socktype=2,ai->ai_protocol=6 listen_sock=6 Bind to port ssh on ::. ?not binding ?before freeaddrinfo ?after freeaddrinfo before? SIGHUP before? SIGTERM before? SIGCHLD setup fd set for listen ?before select bash-3.00# before alarm ?after alarm before SIGINT ?after SIGINT ?before packet_set_connection in buffer_init in buffer_init in buffer_init in buffer_init ?after packet_set_connection ?before select ?after get_remote_portremote_port=57218 ?after get_remote_ipaddr=192.168.131.254 Connection from 192.168.131.254 port 57218 ?before signal ?before sshd_exchange_identificationsock_in=6, sock_out=...

...ily=2,ai->ai_socktype=2,ai->ai_protocol=6 listen_sock=6 Bind to port ssh on ::. not binding before freeaddrinfo after freeaddrinfo before SIGHUP before SIGTERM before SIGCHLD setup fd set for listen before select bash-3.00# before alarm after alarm before SIGINT after SIGINT before packet_set_connection in buffer_init in buffer_init in buffer_init in buffer_init after packet_set_connection before select after get_remote_portremote_port=57218 after get_remote_ipaddr=192.168.131.254 Connection from 192.168.131.254 port 57218 before signal before sshd_exchange_identificationsock_in=6, sock_out=...

Hello, My usage of ProxyCommand just calls the nc utility with various parameters. That in turn after the initial setup just copies copies the data from the network socket to stdin/stdout. This useless coping can be avoided if ssh has an option to receive the socket from the proxy command. I suppose it can improve network error reporting as ssh would talk directly to the network socket rather

Hello! I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :) Anyway, my question relates to ssh_config. The problem I find is that the Host pattern is only applied to the argument given on the command line, as outlined in the man page: "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name

...nect using it. */ - if (proxy_command != NULL) - return ssh_proxy_connect(host, port, proxy_command); + if (proxy_command != NULL) { + if(strcmp(proxy_command,":socket:")) + return ssh_proxy_connect(host, port, proxy_command); + else { + packet_set_connection(3, 4); + return 0; + } + } /* No proxy command. */

...------- Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #14 from Damien Miller <djm at mindrot.org> --- on second thoughts, I'm going to leave this. The is-socket of the packet code is undefined until you call packet_set_connection() and trying to ascertain it before you've set a socket is wrong. Our code will never do this, so the crash is irrelevant to stock openssh. Your code shouldn't either, but if you insist then you should apply the patch in your own tree :/ -- You are receiving this mail because: You are wa...

...remote_ipaddr(), a connection's socket is already closed and there's not been any other call of this function yet so canonical_host_ip from canohost.c is still NULL and the function returns "UNKNOWN". I think that it could be workarounded by calling get_remote_ipaddr() right after packet_set_connection(), e.g. using another debug message, see bellow, or there could be set_remote_ipaddr() in canonhost.c for that. -- You are receiving this mail because: You are watching the assignee of the bug.

...n any case. My suggestions: 1. Move keepalive setsockopt out of packet_set_interactive, as it's not related to interactive vs non-interactive. Instead, make the keepalive setsockopt call in: ssh -- in sshconnect.c, after the setsockopt for SO_LINGER, right before call to packet_set_connection. sshd -- in sshd.c, after the setsockopt for SO_LINGER. 2. Secondarily, for ssh and sshd, ensure packet_set_interactive is called for ssh2 also if appropriate. ----------------------- As an aside (as information for anyone else with the same problem), I need keepalives to keep my connect...

Hi! There are configuration knobs (TCPKeepAlive) to enable/disable the use of TCP keepalives both in the ssh client and server. Unfortunately some UNIX systems default to SO_KEEPALIVE=on and some to =off. This may even be settable on a per host basis (OpenBSD default net.inet.tcp.always_keepalive=1 ???). For the TCPKeepAlive configuration knob I would like to propose changes along the lines

...+ if (options.keepalives) { + static const int on = 1; + + /* Set keepalives if requested. */ + if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *) &on, + sizeof(on)) < 0) + error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); + } + /* Set the connection. */ packet_set_connection(sock, sock); --- sv0/sshd.c Fri Oct 13 22:23:13 2000 +++ sshd.c Tue Jan 2 16:42:57 2001 @@ -1014,6 +1014,13 @@ linger.l_linger = 5; setsockopt(sock_in, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger)); + if (options.keepalives) { + /* Set keepalives if requested. */ + if (set...

...remote_ipaddr(), a connection's socket is already closed and there's not been any other call of this function yet so canonical_host_ip from canohost.c is still NULL and the function returns "UNKNOWN". I think that it could be workarounded by calling get_remote_ipaddr() right after packet_set_connection(), e.g. using another debug message, or there could be set_remote_ipaddr() in canonhost.c for that. -- You are receiving this mail because: You are watching the assignee of the bug.

http://bugzilla.mindrot.org/show_bug.cgi?id=294 ------- Additional Comments From ktaylor at daac.gsfc.nasa.gov 2002-06-26 00:53 ------- This is what's reported in the syslog from openssh-2.9.9p2 - with an ip address range listed in hosts.allow Jun 25 10:50:08 6D:server sshd[30123536]: Failed keyboard-interactive for ktaylor from xxx.xxx.xxx.xxx port 40333 ssh2 Jun 25 10:50:13 6D:server

...ies the - * maximum number of tries, one per second. This returns true on success, + * maximum number of tries; Connection_timeout specifies the maximum number + * of time to wait for each try. This returns true on success, * and zero on failure. If the connection is successful, this calls * packet_set_connection for the connection. */ int ssh_connect(const char *host, struct sockaddr_storage * hostaddr, - u_short port, int connection_attempts, + u_short port, int connection_attempts, int connection_timeout, int anonymous, uid_t original_real_uid, const char *proxy_command); diff -Naur...

Hi, 1. I think you should apply the attached patch to openssh-2.9p1, otherwise ssh-keyscan on linux boxes with glibc-2.1 will experience enormous timeout delays. 2. Is there a program like ssh-keyscan for the Version2 (dsa and rsa) keys?? regards Peter Breitenlohner <peb at mppmu.mpg.de> -------------- next part -------------- diff -ur openssh-2.9p1.orig/ssh-keyscan.c

...the + * remote host (kex.c:canonical_host_ip) of the previous socket. Also + * clear the packet_read_seqnr() "Connection closed ..." and "Connection + * to ... timed out ..." flags (called by dispatch_run()). + */ + clear_cached_addr(); + connclosed = 0; + conntimedout = 0; + packet_set_connection(c->c_fd, c->c_fd); +/* + * Use our "timeout" value to set the maximum allowed wait time for data + * to become available in the `packet.c:packet_read_seqnr()' function. + */ + packet_set_timeout(timeout, 1); + enable_compat20(); myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c-...