Why "ssh -f -n" still connects to ptys?
Darren Tucker
dtucker at zip.com.au
Wed Feb 8 15:33:37 AEDT 2017
On Tue, Feb 7, 2017 at 5:15 PM, Clark Wang <dearvoid at gmail.com> wrote:
> See following example:
>
> $ ps p 45374
> PID TTY STAT TIME COMMAND
> 45374 ? Ss 0:00 ssh -N -D 7777 -f -n localhost
> $ ls -l /proc/45374/fd/
> total 0
> lrwx------ 1 root root 64 2017-02-07 14:12 0 -> /dev/pts/2
> lrwx------ 1 root root 64 2017-02-07 14:12 1 -> /dev/pts/2
> lrwx------ 1 root root 64 2017-02-07 14:12 2 -> /dev/pts/2
> lrwx------ 1 root root 64 2017-02-07 14:12 3 -> socket:[348711]
> lrwx------ 1 root root 64 2017-02-07 14:12 4 -> socket:[348767]
> $
>
> Why not open FDs 0, 1 and 2 on /dev/null?
It's not obvious from the man page (I had to look at the code), but
that's not how it works. -n affects the handling of the descriptor
attached to the ssh command channel, not the descriptors that the ssh
process uses to interact with the user.
-n (or -f, you only need to set one of them) set stdin_null_flag, and
what it does when setting up the channel connected to the remote
command is:
ssh_session2_open [...]
if (stdin_null_flag)
in = open(_PATH_DEVNULL, O_RDONLY);
else
in = dup(STDIN_FILENO);
out = dup(STDOUT_FILENO);
err = dup(STDERR_FILENO);
Compare with and without -n:
$ ssh localhost sleep 60
$ ls -l /proc/25235/fd
lrwx------ 1 dtucker dtucker 64 Feb 8 15:26 0 -> /dev/pts/30
lrwx------ 1 dtucker dtucker 64 Feb 8 15:26 1 -> /dev/pts/30
lrwx------ 1 dtucker dtucker 64 Feb 8 15:26 2 -> /dev/pts/30
lrwx------ 1 dtucker dtucker 64 Feb 8 15:26 3 -> 'socket:[149316207]'
lrwx------ 1 dtucker dtucker 64 Feb 8 15:26 4 -> 'socket:[149316212]'
lrwx------ 1 dtucker dtucker 64 Feb 8 15:26 5 -> /dev/pts/30
lrwx------ 1 dtucker dtucker 64 Feb 8 15:26 6 -> /dev/pts/30
lrwx------ 1 dtucker dtucker 64 Feb 8 15:26 7 -> /dev/pts/30
$ ssh -n localhost sleep 60
$ ls -l /proc/24959/fd/
total 0
lrwx------ 1 dtucker dtucker 64 Feb 8 15:25 0 -> /dev/pts/30
lrwx------ 1 dtucker dtucker 64 Feb 8 15:25 1 -> /dev/pts/30
lrwx------ 1 dtucker dtucker 64 Feb 8 15:25 2 -> /dev/pts/30
lrwx------ 1 dtucker dtucker 64 Feb 8 15:25 3 -> 'socket:[149315695]'
lrwx------ 1 dtucker dtucker 64 Feb 8 15:25 4 -> 'socket:[149315701]'
lrwx------ 1 dtucker dtucker 64 Feb 8 15:25 6 -> /dev/pts/30
lrwx------ 1 dtucker dtucker 64 Feb 8 15:25 7 -> /dev/pts/30
Note that fd#5 (stdin attached to the command channel) is missing in
the second. In your case you're not seeing any change in behaviour
because -N causes ssh to not request a command channel at all.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list