older versions of OpenSSH periodically kill the connection when multiple channels are opened

Terra Frost terrafrost at gmail.com
Wed Oct 13 18:02:07 AEDT 2021


https://pastebin.com/q5KFKmWm is the full log in case you're curious. But
the
https://sources.debian.org/patches/openssh/1:6.7p1-5+deb8u4/consolekit.patch/
link looks like a good find!

On Tue, Oct 12, 2021 at 11:03 PM Darren Tucker <dtucker at dtucker.net> wrote:

> On Wed, 13 Oct 2021 at 14:07, Terra Frost <terrafrost at gmail.com> wrote:
> > Sometimes when I connect to older OpenSSH servers the server closes the
> > connection. Doing "sudo /usr/sbin/sshd -ddd -p2222 &" gives me the
> > following error:
> >
> > > debug1: Unable to open session: The name org.freedesktop.ConsoleKit was
> > not provided by any .service files
>
> Exactly which version are you seeing this with?  AFAICT no version of
> OpenSSH shipped by the OpenSSH team contains that debug message.
>
> > Here's the full error log that the OpenSSH server is providing:
>
> This is not the full log, if it was the sshd version identifier would
> be present.
>
> [...]
> > debug1: Allocating pty.
> > debug3: mm_request_send entering: type 28
>
> From monitor.h this is MONITOR_REQ_PTY.
>
> > debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY
> > debug3: mm_request_receive_expect entering: type 29
> > debug3: mm_request_receive entering
>
> 29 is indeed MONITOR_ANS_PTY
>
> > debug1: Unable to open session: The name org.freedesktop.ConsoleKit was
> not
> provided by any .service files
>
> as mentioned above this message is not present in stock OpenSSH.
>
> > debug3: mm_request_send entering: type 157
>
> monitor.h does not define a type 157.  Debian's gssapi patch defines
> up to 153 and its selinux patch defines 154 so this is something else
> again.
>
> > debug3: mm_request_receive entering
> > debug3: monitor_read: checking request 28
> > debug3: mm_answer_pty entering
> > debug2: session_new: allocate (allocated 1 max 10)
> > debug3: session_unused: session id 1 unused
> > debug1: session_new: session 1
> > debug3: mm_request_send entering: type 29
> > debug3: mm_answer_pty: tty /dev/pts/3 ptyfd 9
> > mm_request_receive_expect: read: rtype 157 != type 29
>
> This looks to me like the monitor and the unprivileged process are
> getting out of sync although it's not clear why.
>
> > debug1: unregistering ConsoleKit session (null)
>
> this is also not from the stock OpenSSH code.
>
> > I haven't seen this issue on SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 or
> > later versions but, none-the-less, this error is causing some unit tests
> to
> > fail, intermittently.
>
> That's a version that doesn't have the problem.  Which versions do
> have the problem?
>
> > Should I make it so that the client won't open up multiple channels on
> > versions of OpenSSH older than 7.2?
>
> That's up to you, but it looks like this problem is specific to a
> vendor modified version.
>
> --
> Darren Tucker (dtucker at dtucker.net)
> GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>


More information about the openssh-unix-dev mailing list