Changed behavior of ControlPath too long errors
Jakub Jelen
jjelen at redhat.com
Wed May 3 18:27:10 AEST 2017
Hello,
recently we noticed that the behavior of too long ControlPath sockets
changed in OpenSSH 6.7 from non-fatal error to fatal. The change was
brought in by the unix-domain socket forwarding [1] and is not
completely clear if it is intentional or not. It can be simply
reproduced by trying to set up long ControlPath (common in Ansible):
ssh -o
ControlPath=/var/lib/very-long-installer/.ansible/cp/ansible-ssh-%h-%p-%r
-o ControlMaster=yes jenkins.localdomain hostname
ControlPath
"/var/lib/very-long-installer/.ansible/cp/ansible-ssh-jenkins-localdomain-22-installer.RpqsfHyo1aAYZIg2"
too long for Unix domain socket
The OpenSSH 6.6p1 successfully falls back to not using MUX (goto
disable_mux_master;), but newer versions interpret it as a fatal errors
and exit.
I understand that I might be late for party and being strict about
configuration options is a good thing, but having this functionality
backward compatible would be very helpful for existing scripts.
Is this intentional change? Can we stick back to the old behavior?
[1] https://github.com/Jakuje/openssh-portable/commit/7acefbbc
Thanks,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat
More information about the openssh-unix-dev
mailing list