ssh closing file descriptors for ControlPersist

[Jakub Jelen]

Hi all,
we were discussing internally how to make openssh leave open file 
descriptors that were open before main using LD_PRELOAD. Lately I filled 
upstream bugzilla [1] with proposed solution, that could be acceptable 
by upstream, but I'm also posting on this list to get more attention, 
other points of view or ideas for this case.

I understand well, that closing FDs is important for backgrounded [mux] 
process who is handling IO for all sessions in specific connection. I 
also understand, that it is good practice to know what are your open 
file descriptors and close the other "hanging around". But aside all of 
this, what would be proposal if you would need to preserve this open 
file descriptor?

In above mentioned bugzilla, I'm proposing to close these FDs only if we 
have configuration option ControlPersist enabled (as comments in code 
describes). This requires to move the the whole closing thing down after 
reading config files and commandline options. But this can interfere 
with debug logging enabled (using -E option), so to make it working, it 
is required to reopen this log file after closing other FDs.

Q: File descriptor from debug log (-E option) doesn't matter when 
backgrounding ControlPersist master?
Q: For non-backgrounding process using ControlMaster only is not a 
problem to have hanging file descriptors around?

I'm interested only in preserving this FD without multiplexing, but of 
course I want to have multiplexing working after this change.

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2394

-- 
Jakub Jelen
Associate Software Engineer
Security Technologies
Red Hat