[Bug 2598] ssh-agent very occasionally won't remove keys or certs despite now() >= lifetime

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sun Jul 17 18:49:11 AEST 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2598

--- Comment #5 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to Peter Moody from comment #3)
> osx doesn't appear to have clock_gettime(2), and I can't find any
> references to CLOCK_BOOTTIME in /usr/include. if monotime() is just
> using time(2), does that help isolate the issue?

maybe, I'll have a think about it.

> If you give me a patch and an idea of what steps you think might
> tickle this bug (eg. multiple keys, some constrained and some not,
> keys expiring when the laptop is sleeping, etc), I'd be happy to
> test.
> 
> I do have one user that this has happened to twice in the last week
> and I might be able get him to replace his ssh-agent and see if
> something about his regular workflow just tickles this bug.

(In reply to Peter Moody from comment #4)
> one other thing. If I were to run ssh-agent -d and then suspend and
> resume the process, does that make ssh-agent behave in a similar
> manner to if the machine hibernated?

It's worth a try but my guess is that it won't.

> Or do you think there might be
> something special about being flushed to disk, etc? I'm just trying
> to think of ways to test this on a machine which so far hasn't had
> this happen.

I doubt it's disk flushes have anything to do with it (I don't think
ssh-agent even includes stderr in the descriptors it selects on.

A couple of questions:
 - when it happens, if you run ssh-add -l twice are the keys present in
both?
 - is there anything else going on with clocks, eg ntpd?  if so, are
there any clock steps logged?

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list