OpenSSH - forced command - no-pty issue
Darren Tucker
dtucker at zip.com.au
Tue Jan 20 12:11:10 EST 2004
Kumaresh wrote:
> The major problem we are running into is that the shell (both sh and ksh)
> does not kill its child processes when there is no pty. The SSH patch
> mentioned previously at
> http://bugzilla.mindrot.org/show_bug.cgi?id=396
>
> is not sufficient to kill the forced command completely.It will only kill
> the shell script, but not any child processes the shell script runs. The
> shell assumes the child is in the background (because there is no pty) and
> therefore does not kill the child.
The script should catch the SIGHUP and clean up after itself.
> Consider a shell script /tmp/test.sh that in turn calls "sleep 1000". If we
> run a forced command
> command="/tmp/test.sh",no-pty,no-port-forwarding ssh-rsa
> it gives the following processes:
>
> root 12724 1 0 04:46:13 ? 0:00 /opt/ssh/sbin/sshd
> root 13309 12724 10 05:24:20 ? 0:00 sshd: root at notty
> root 13313 13309 4 05:24:21 ? 0:00 /tmp/test.sh
> root 13314 13313 2 05:24:21 ? 0:00 sleep 1000
>
> When we disconnect the client, the sshd process is killed and the shell
> script keeps running:
>
> root 12724 1 0 04:46:13 ? 0:00 /opt/ssh/sbin/sshd
> root 13313 1 0 05:24:21 ? 0:00 /tmp/test.sh
> root 13314 13313 0 05:24:21 ? 0:00 sleep 1000
>
> When we apply the patch to sshd, the sshd process sends a SIGHUP (hangup)
> signal to /tmp/test.sh before exiting. The shell script (/tmp/test.sh) is
> killed, but the shell
> script does NOT kill its child sleep process. Here is the process list after
> the client disconnects:
>
> root 12724 1 0 04:46:13 ? 0:00 /opt/ssh/sbin/sshd
> root 13314 1 0 05:24:21 ? 0:00 sleep 1000
>
> You can test this by manually running the command:
> # PID=`ps -ef | grep /tmp/test.sh | awk '{print $2}'`
> # kill -HUP $PID
>
> The shell script will be killed but the child process (sleep 1000) will keep
> running.
The shell (script) needs to deal with its own children, there's not much
sshd can do (except possibly sending the HUP to the process group rather
than the shell?)
It seems similar to this bug:
http://bugzilla.mindrot.org/show_bug.cgi?id=52
"Known-good workarounds:
* bash: shopt huponexit on
* tcsh: none
* zsh: setopt HUP (usually the default setting)
(taken from email from Jason Stone to openssh-unix-dev, 5
May 2001)
* pdksh: ?"
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list