exit status of ssh?

Chris Quenelle chris.quenelle at oracle.com
Sat Mar 19 03:52:51 EST 2011 

On Friday March 18    9:41AM, Michael Loftis wrote:
> On Thu, Mar 17, 2011 at 5:17 PM, Chris Quenelle
> <chris.quenelle at oracle.com>  wrote:
>> The man page for ssh says that the exit status of ssh should
>> be the exit status of the program that it runs.
>>
>> The session terminates when the command or shell on the remote machine
>> exits and all X11 and TCP/IP connections have been closed. The exit sta‐
>> tus of the remote program is returned as the exit status of ssh.
>> ...
>> ssh exits with the exit status of the remote command or with 255 if an
>> error occurred.
>>
>>
>> But it doesn't seem to work.
>>
>>
>> % bash -c '"/bin/ls /foo"' ; echo $?
>> bash: /bin/ls /foo: No such file or directory
>> 127
>>
>> % ssh cryo bash -c '"/bin/ls /foo"' ; echo $?
>> /bin/ls: /foo: No such file or directory
>> 0
>>
>> What's up?
> You're seeing the exit status from the bash command, which is doing
> something different possibly due to configuration (.bashrc and
> related).  Skip invoking bash and try ssh cryo /bin/ls /foo and see
> what your exit code is then.

Good point.  But the results are the same.
Here's the new data without bash in the mix.
This assumes that sshd doesn't spawn a shell of some kind to execute the 
command.

% /bin/ls /foo; echo $?
/foo: No such file or directory
2

% ssh -v buba /bin/ls /foo; echo $?
Sun_SSH_1.5, SSH protocols 1.5/2.0, OpenSSL 0x0090811f
debug1: Reading configuration data /home/quenelle/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be 
trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to buba [10.133.144.239] port 22.
debug1: Connection established.
debug1: ssh_kmf_check_uri: /home/quenelle/.ssh/identity
debug1: Identity file/URI '/home/quenelle/.ssh/identity' pubkey type UNKNOWN
debug1: ssh_kmf_check_uri: /home/quenelle/.ssh/id_rsa
debug1: ssh_kmf_key_from_blob: blob length is 149.
debug1: Identity file/URI '/home/quenelle/.ssh/id_rsa' pubkey type ssh-rsa
debug1: ssh_kmf_check_uri: /home/quenelle/.ssh/id_dsa
debug1: ssh_kmf_key_from_blob: blob length is 433.
debug1: Identity file/URI '/home/quenelle/.ssh/id_dsa' pubkey type ssh-dss
debug1: Logging to host: buba
debug1: Local user: quenelle Remote user: quenelle
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: match: Sun_SSH_1.1 pat Sun_SSH_1.1*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.5
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, 
DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Creating a global KMF session.
debug1: My KEX proposal before adding the GSS KEX algorithm:
debug1: Failed to acquire GSS-API credentials for any mechanisms (No 
credentials were supplied, or the credentials were unavailable or 
inaccessible

)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: My KEX proposal I sent to the peer:
debug1: KEX proposal I received from the peer:
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
debug1: Peer sent proposed langtags, ctos: 
en-CA,en-US,es,es-MX,fr,fr-CA,i-default
debug1: Peer sent proposed langtags, stoc: 
en-CA,en-US,es,es-MX,fr,fr-CA,i-default
debug1: We proposed langtags, ctos: en-US
debug1: We proposed langtags, stoc: en-US
debug1: Negotiated lang: en-US
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: en_US.UTF-8
debug1: Remote: Negotiated messages locale: en_US.UTF-8
debug1: dh_gen_key: priv key bits set: 136/256
debug1: bits set: 1622/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: ssh_kmf_key_from_blob: blob length is 149.
debug1: ssh_kmf_key_from_blob: blob length is 149.
debug1: ssh_kmf_key_from_blob: blob length is 149.
debug1: Host 'buba' is known and matches the RSA host key.
debug1: Found key in /home/quenelle/.ssh/known_hosts:42
debug1: bits set: 1588/3191
debug1: ssh_rsa_verify: signature correct
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: 
gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No 
credentials were supplied, or the credentials were unavailable or 
inaccessible

)
debug1: Next authentication method: publickey
debug1: Trying private key: /home/quenelle/.ssh/identity
debug1: ssh_kmf_check_uri: /home/quenelle/.ssh/identity
debug1: Trying public key: /home/quenelle/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149 lastkey 80ab010 hint 1
debug1: ssh_kmf_key_from_blob: blob length is 149.
debug1: ssh_kmf_check_uri: /home/quenelle/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey)
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: channel request 0: env
debug1: Sending command: /bin/ls /foo
debug1: channel request 0: exec
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug1: Remote: Channel 0 set: LANG=en_US.UTF-8
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd close
debug1: channel 0: close_read
debug1: channel 0: input open -> closed
/foo: No such file or directory
debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: output drain -> closed
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 2
0




>> I see the same thing on a Linux system and a Solaris system:
>>
>> % ssh -V
>> OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
>>
>> % ssh -V
>> Sun_SSH_1.5, SSH protocols 1.5/2.0, OpenSSL 0x0090811f
>>
>> Output of -v is:
>>
>> % ssh -v cryo bash -c '"/bin/ls /foo"'
>> OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
>> debug1: Reading configuration data /home/quenelle/.ssh/config
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug1: Applying options for *
>> debug1: Connecting to cryo [10.133.144.28] port 22.
>> debug1: Connection established.
>> debug1: identity file /home/quenelle/.ssh/identity type -1
>> debug1: identity file /home/quenelle/.ssh/id_rsa type 1
>> debug1: identity file /home/quenelle/.ssh/id_dsa type 2
>> debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
>> debug1: match: OpenSSH_4.2 pat OpenSSH*
>> debug1: Enabling compatibility mode for protocol 2.0
>> debug1: Local version string SSH-2.0-OpenSSH_4.2
>> debug1: SSH2_MSG_KEXINIT sent
>> debug1: SSH2_MSG_KEXINIT received
>> debug1: kex: server->client aes128-cbc hmac-md5 none
>> debug1: kex: client->server aes128-cbc hmac-md5 none
>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>> debug1: Host 'cryo' is known and matches the RSA host key.
>> debug1: Found key in /home/quenelle/.ssh/known_hosts:33
>> debug1: ssh_rsa_verify: signature correct
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> debug1: SSH2_MSG_NEWKEYS received
>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug1: Authentications that can continue: publickey,keyboard-interactive
>> debug1: Next authentication method: publickey
>> debug1: Trying private key: /home/quenelle/.ssh/identity
>> debug1: Offering public key: /home/quenelle/.ssh/id_rsa
>> debug1: Server accepts key: pkalg ssh-rsa blen 149
>> debug1: read PEM private key done: type RSA
>> debug1: Authentication succeeded (publickey).
>> debug1: channel 0: new [client-session]
>> debug1: Entering interactive session.
>> debug1: Sending environment.
>> debug1: Sending env LANG = en_US.UTF-8
>> debug1: Sending command: bash -c "/bin/ls /foo"
>> /bin/ls: /foo: No such file or directory
>> debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
>> debug1: channel 0: free: client-session, nchannels 1
>> debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds
>> debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
>> debug1: Exit status 2
>>
>> Since the expected exit status is "127", and the status
>> that the shell sees with $? is "0", I'm not sure how the "status 2"
>> on the last line fits in.
>>
>>
>>
>>
>>
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev at mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>>

More information about the openssh-unix-dev mailing list