Problemes with ControlPersist

Klaus Ethgen Klaus at Ethgen.de
Tue Mar 15 07:01:36 EST 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

Am Mo den 14. Mär 2011 um 20:34 schrieb Joachim Schipper:
> > 1. When I use ControlPersist in combination with ProxyCommand to reach a
> >    other host over that proxy I get the following message:
> >       Bad packet length 1397966893.
> >       Disconnecting: Paket corrupt
> > 
> >    When I fist ssh to the proxy, close the connection (that persists in
> >    background) and ssh to the target everything works well.
> 
> I use this in .ssh/config, and it works for me (and has been working for
> a long time):
> 
> Host *
> 	CheckHostIP yes
> 	ControlMaster auto
> 	ControlPath ~/.ssh/mux-%r@%h:%p
> 	ControlPersist 3m
> 	HashKnownHosts yes
> 	NoHostAuthenticationForLocalhost yes
> 	Protocol 2
> 
> Host ssh.cwi.nl
> 	ProxyCommand none
> 	StrictHostKeyChecking yes
> 
> Host *.cwi.nl
> 	User schipper
> 	ProxyCommand ssh ssh.cwi.nl netcat %h %p

've like the same. Just the newer syntax for ProxyCommand:
   Host *.sourceforge.net
      User XXX
      ForwardAgent no

   Host tschil-*
      ProxyCommand ssh -q -W %h:%p tschil

   Host XXXXX.XXX.ch
      ForwardAgent no
      ForwardX11 no
      BatchMode yes
      ProxyCommand ssh -q -W %h:%p XXXXXXXXX

   Host Manyhosts
      ProxyCommand ssh -q -W %h:%p XXXXX.XXX.ch

   Host Otherhosts
      ProxyCommand ssh -q -W %h:%p XXXXXXXXX

   Host *
      Protocol 2
      CheckHostIP no
      Cipher blowfish
      Ciphers blowfish-cbc
      VisualHostKey yes
      HashKnownHosts no
      ControlPath /home/klaus/.ssh/%r@%h:%p.sock
      ControlMaster auto
      ControlPersist 300
      ForwardX11 yes
      ForwardAgent yes

All works well when I comment out the ControlPersist line. And all
worked well since long time. But The ControlPersist breaks it as I told
above. Even the double proxy worked well and do without the
ControlPersist line.

> This is on OpenBSD-current (OpenSSH_5.8, OpenSSL 1.0.0a 1 Jun 2010).
> What are you connecting to what, and does it really say _Paket_ corrupt?

Sure. It was cut and paste.

> > 2. When I use cvs over ssh and use ControlPersist and ProxyCommand every
> >    ssh command will block at the end for exact the time I specify in
> >    ControlPersist. (Note that I have to start the proxy first like I
> >    described in the first issue.)
> 
> That's a known issue with certain programs (including e.g. Subversion,
> IIRC), but I don't recall how to fix it. Sorry.

I think the problems have something common. Maybe its the same.

Regards
   Klaus
- -- 
Klaus Ethgen                            http://www.ethgen.ch/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus at Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBTX50H5+OKpjRpO3lAQpVJwf/dYZ1/5CiKJcCkwLiMuhEzLRc2/32wAIu
24C/jXrahFwMAKJXMk9lYXwtSI56Apj+cUqCO6zz4bomX3IONGLJoT5AGI842vfe
gRU4vfub4HbTtyJYQpDLYdYv7mbkZ2n84xH+w88BujX2NzCbjjm2jICjQOggzztw
AlFu41teC98T//xLM3PvWP1Je9hvJx3mGACzit0jqV+6DsMMU7l2QgGw8rPso4rS
IivccxU/9j/HChSkP8alwtcxqgoc9oWabC4GRYOLJVelHx2D7qFDSe+MDcYdaXuO
Koi8QMjIjhBfzxcjvrW/YgbWu2689yjsc5NhGJECK2AcRKgYHMriLA==
=Q+Bi
-----END PGP SIGNATURE-----

More information about the openssh-unix-dev mailing list