Exiting ssh when MaxSessions=0
Darren Tucker
dtucker at zip.com.au
Sat Aug 30 13:03:16 EST 2008
Damien Miller wrote:
> On Fri, 29 Aug 2008, Iain Morgan wrote:
>
>> Hi,
>>
>> I've been experimenting with MaxSessions=0 in the sshd_config and have
>> encountered one unfortunate problem. Once the client authenticates to
>> the server, it ceases to respond to keyboard input.
>>
>> At first glance, it looks like the client is in a hung state and does
>> not time out. If port forwarding was requested on the command-line and
>> the server accepts the request, that continues to work. But the tilde
>> escapes (and ^C) do not work. Apparently, you have to kill the session
>> from another terminal.
>>
>> Once the session is killed, any buffered input is handled by the shell.
>>
>> In cases where you know the server will have MaxSessions=0, this is not
>> a huge issue; you just have to remember to use the -f option. It is a
>> bit unfortunate if you forget to use -f.
As a workaround if you need this behaviour: you can set "ForceCommand
/bin/true" instead of "MaxSessions 0". This will allow the channel
requests to succeed without letting the user actually do anything.
>> It would be nice if ~. worked in this situation. I suppose ~C would also
>> be nice in order to add port forwardings after the fact. I'm not sure if
>> it would be problematic to add such support.
>
> Yes, this is a bug. I think this patch fixes it, but I need to think
> though the consequences more:
>
> Index: channels.c
> ===================================================================
> RCS file: /var/cvs/openssh/channels.c,v
> retrieving revision 1.273
> diff -u -p -r1.273 channels.c
> --- channels.c 16 Jul 2008 12:42:06 -0000 1.273
> +++ channels.c 29 Aug 2008 19:25:04 -0000
> @@ -2311,8 +2311,8 @@ channel_input_open_failure(int type, u_i
> xfree(lang);
> }
> packet_check_eom();
> - /* Free the channel. This will also close the socket. */
> - channel_free(c);
> + /* Schedule the channel for cleanup/deletion. */
> + chan_mark_dead(c);
> }
>
> /* ARGSUSED */
>
> The difference if you are curious, is that chan_mark_dead() will schedule
> the channel for asynchronous cleanup, via channel_garbage_collect().
> That path runs the channel->detach_user callback which is what we rely
> on to determine that our main session channel has exited.
>
> channel_free() doesn't run any callbacks, so we never noticed that the
> session channel went away.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list