ssh -f and pid

Ming minger at gmail.com
Fri Feb 5 18:14:40 EST 2010 

Just to be clear, even with Van Huesden's patch to ssh, it would not be
"plug and play."  At least ssh could meet the dominant paradigm of tracking
pid half-way through the pid file.  Half-way, part-way, is a lot better than
the socket no-way.

On Fri, Feb 5, 2010 at 2:06 AM, Ming <minger at gmail.com> wrote:

>
>
> On Fri, Feb 5, 2010 at 12:49 AM, Damien Miller <djm at mindrot.org> wrote:
>
>> On Thu, 4 Feb 2010, Ming wrote:
>>
>> > > It isn't necessary. You can tear down ssh connections from the control
>> > > socket and learn the PID of a running SSH, see the commands listed
>> > > under -O in ssh(1).
>> > >
>> > A individual can do an number of things with a understanding of and
>> beyond
>> > the man page, but how do you get ssh to play nicely in a ecosystem of
>> > monitoring software?
>>
>> It isn't above and beyond the manpage, checking the state of a running
>> connection is a clearly documented feature.
>>
>> > Say the os has bunch of ssh processes active.  How the monitoring
>> software
>> > in a standard way which ones it created -- and thus track -- and which
>> ones
>> > it hasn't?
>>
>> It can request separate control sockets if it likes.
>>
>> > ControlPath has to be specified for -O and command line query required?
>>  How
>> > is ssh suppose to plug and play with monitoring software?
>>
>> I think the monitoring software needs to support ssh and not the other
>> way around. There are lots of ways one might monitor ssh, and I don't
>> think
>> we could even be "plug and play" with all of them.
>>
>> -d
>>
>
> The monitoring software just needs to know the pid of the command executed.
>  That's all it needs to be plug and play.  And they only kill the process by
> pid.    Looking at all the times (via Google) you have offered the same ssh
> -O solution across the web to people have asked for a pid the years, it
> seems that it is *your* stance not to be "plug and play."
>
> The few monitoring packages I experimented all expect a pid from the
> daemon.
>
> Luckily, I could find one package, autossh, that specifically -- and only
> -- monitors ssh.  Now, I have to run two packages, one to monitor ssh
> specifically and one for all my other daemons and scripts.
>
> At least it works.  Would the security of openssh be so compromised by
> spitting out its pid?
>
> -M
>
>
>
>
>
>
>

More information about the openssh-unix-dev mailing list