ssh-keysign bug?
Christopher Craig Penney Jr
penney at msu.edu
Sat Dec 18 05:55:30 EST 2004
I use ssh in a batch environment (www.pbspro.com) and am using host based
authentication to allow sshes between some resources. When I converted from
openssh 3.1 to newer versions (up to and including 3.8 where ssh-keysign was
moved to a standalone binary) I had issues with ssh-keysign failing with the
error "bad fd". A little exploring showed that this was happening because
in the batch environment the ssh command did not have a STDIN opened and the
socket used for IPC was being created as fd 0.
You can see the difference here from a ls -l of /proc/pid/fd right after
buffer_get_int(&b) is called in ssh-keysign's main():
--- Normal SSH:
0 -> /dev/pts/3
1 -> /dev/pts/3
2 -> /dev/pts/3
3 -> socket:[37629928]
5 -> pipe:[37629941]
6 -> pipe:[37629942]
--- Normal SSH-KEYSIGN:
0 -> pipe:[37629941]
1 -> pipe:[37629942]
2 -> /dev/pts/3
3 -> socket:[37629928]
--- Batch run SSH:
0 -> socket:[16485502]
1 -> /var/spool/pbs/spool/311683.batc.OU
2 -> /var/spool/pbs/spool/311683.batc.OU
4 -> pipe:[16485513]
5 -> pipe:[16485514]
--- Batch run SSH-KEYSIGN:
0 -> pipe:[16485513]
1 -> pipe:[16485514]
2 -> /var/spool/pbs/spool/311683.batc.OU
The problem is resolved if, in the batch script, you redirect /dev/null into
the ssh command so the ssh command has a valid STDIN. I'm not sure if this
is a bug or intended behavior.
Chris