[Bug 1213] ssh-keyscan exits in mid-way

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Feb 18 10:58:23 EST 2011


https://bugzilla.mindrot.org/show_bug.cgi?id=1213

--- Comment #8 from aab at purdue.edu 2011-02-18 10:58:23 EST ---
Mr. Kotes, I have a patch against openssh-5.[678]p1 for our problem
that could be called a workaround or a fix depending on your way of
looking at it.  The probable reason that `packet_read_seqnr()' gets the
len==0 is that one of the IPs from which your attempting to get a key
has a bad `sshd' server that times out because of the "LoginGraceTime".
 This, in turn, causes almost all of the other servers that have open
sockets at that time to "LoginGraceTime" out as well.  To back up a
bit, `packet_read_seqnr()' calls the vanilla `cleanup_exit()' that in
the current ssh-keyscan aborts immediately rather than continuing like
ssh-keyscan's `fatal()' call does.  This is part 1 of the fix.  The
second part is to teach ssh-keyscan how to deal with the problem when a
bad server times out.  My patch does both although the code seems a bit
kludgy to me.

Unfortunately, we haven't had a bad server recently so I can't
completely test the patch (I'm using it in test mode now) and, until
then, I don't want to send it to the OpenSSH folks.  FWIW - our host
farm is 3500+ with an additional 1200+ to be online soon and probably
more in the late summer.

In my opioion, this should be marked as a bug against the current
openssh variant.  How do I go about doing that?

If you'd like to have a copy of the current patch so you can test it,
please tell me where to send it.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list