[Bug 3723] sshd failed to close session when client specifies no remote command

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Aug 28 12:36:27 AEST 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3723

--- Comment #4 from S Zhang <szhang at gen-info.osaka-u.ac.jp> ---
I took a look at the openssh-portable part that handles the session.

It appears that when the PAM session fails, we still create an
sshd_session, but with everything in sshauthopt unset, meaning nothing,
including port forwarding, can be done.

https://github.com/openssh/openssh-portable/blob/10ccf611ab8ecba9ce6b0548c5ccd8c1220baf92/auth-pam.c#L1220-L1225

https://github.com/openssh/openssh-portable/blob/10ccf611ab8ecba9ce6b0548c5ccd8c1220baf92/auth.c#L763-L780

However, the sshd_session that failed PAM for the session keeps running
with restricted sshauthopt. Systemd saw the running sshd_session owned
by the user and created a session under that user for it. While the
sshd_session and the ssh client cannot do anything, the sshd_session
waits for the user to close the connection to stop the local process.
Normally the ssh client attempted to run something and got rejected,
initiating the connection close process, but when the ssh client was
running with -N set, this did not happen, and the sshd_session
process persisted with the systemd-logind session.

I wonder why such a restricted session would remain, and why the sshd
side would not initiate closing the session but instead wait for the
client side to close it. Are there any use cases where such a
restricted session is useful?
