3.6.1p1/SNAP-20030910, AIX & /etc/nologin (similar to bug #178)

David Bronder david-bronder at uiowa.edu
Tue Sep 16 10:23:50 EST 2003 

I'm seeing a problem under AIX (4.3.3, 5.1, 5.2) very similar to bug
#178.  It occurs with both 3.6.1p1 and openssh-SNAP-20030910.

If /etc/nologin is present, a session requesting a pty will hang,
apparently when the sshd parent tries to close the pty slave.  As in
bug #178, adding a brief sleep to the child sshd anytime after the fork
seems to clear up the problem (though I agree that this is not the
correct solution).  It seems as Darren suggested in #178 that it may be
a timing thing, only for me the hang is the rule, not the exception.

In this case, with the nologin exception to the AIX loginrestrictions()
code, the program continues and the child calls do_nologin().  However,
just like in bug #178, the nologin output is not seen by the client.
The child's fflush() call added to do_nologin() by bug #178 does not
solve the problem for me.

It's almost as though, if the child exits before the parent closes the
pty slave, the hang occurs; but if the parent closes the pty slave and
then the child exits, everything works correctly (based on the fact
that it works with the sleep and doesn't without).  Pty games aren't my
strong suit, and I'm out of ideas at the moment.

Is anyone else seeing this behavior, or is it just me?

I can provide full (-ddd, -vvv) debugging if anyone would like to see
it.  I'm not doing anything especially odd with the build options:

  ./configure --libexecdir='${exec_prefix}/bin' --sysconfdir=/etc/ssh 
              --with-pid-dir=/etc/ssh --with-privsep-path=/var/empty/sshd
              --with-tcp-wrappers=/usr/local --with-kerberos5=/usr/local
              --with-cflags="-O3 -qstrict"

I did try w/o Kerberos, not expecting and not seeing any difference
in the problem behavior.  /etc/ssh/sshd_config only differs from the
defaults by enabling X11Forwarding, restricting to protocol 2, and
disabling Compression.

Thanks for any insight (or solutions! :).

=Dave

-- 
Hello World.                                    David Bronder - Systems Admin
Segmentation Fault                                     ITS-SPA, Univ. of Iowa
Core dumped, disk trashed, quota filled, soda warm.   david-bronder at uiowa.edu

More information about the openssh-unix-dev mailing list