[Bug 1213] ssh-keyscan exits in mid-way

bugzilla-daemon at bugzilla.mindrot.org
Wed Nov 30 16:51:43 EST 2011


--- Comment #41 from aab at purdue.edu 2011-11-30 16:51:43 EST ---
(In reply to comment #40)
> Okay, I tried Ubuntu's packaging of OpenSSH (version 1:5.8p1-7ubuntu1)
> with your patch, and it powered through everything. Here is a list of
> all the error messages I received:
> A.B.C.D: Connection closed by remote host
> Connection closed by A.B.C.D
> Connection to A.B.C.D timed out while waiting to read
> Received disconnect from A.B.C.D: 10:  Protocol error
> Received disconnect from A.B.C.D: 10:  Protocol error
> Received disconnect from A.B.C.D: 11:  SSH Disabled
> Received disconnect from A.B.C.D: 2: Client Disconnect
> Received disconnect from A.B.C.D: 2: Protocol Timeout
> connect (`A.B.C.D'): Network is unreachable
> no 'ssh-rsa' hostkey alg(s) for A.B.C.D
> read (A.B.C.D): Connection reset by peer
> read (A.B.C.D): No route to host
> (This is ssh-keyscan output with /^#.*$/ filtered out, all IPs zapped,
> and 'sort -u'd)

The number of ways that key access can be terminated keeps increasing,
doesn't it?

FWIW - the message "A.B.C.D: Connection closed by remote host" has been
changed to "read(A.B.C.D): Connection closed by remote host" to be more
consistent with the other messages (as above) issued in the same code

> Now the question is, why hasn't this been checked in already! (Have you
> tried making some noise on the mailing list?)

My oops.  I have had my focus redirected to other projects and,
besides, I'm very lazy (;-}).

Dumb me, I thought at least a question or two would be forthcoming from
the OpenSSH folks.  Guess not. I saw the mailing list reference in the
README and promptly forgot about it.  I will send the patch there.  I
apologize for the slowness.

Question for you.  The ssh-keyscan code currently limits the maximum
number of used file descriptors to <256.  The biggest problem that I've
seen with that number is, if you ever have a very large number of down
hosts (which we have had), the code uses the available fds and has to
wait for a '-Tn' timeout on one of them to start another key access.
I've made a local modification that changes that number to 512.  The
code seems smart enough so that, if the OS has smaller limits, nothing
will break.  Right now Debian defaults to 1024 fds max and (at least
our) Redhat to 20480.  So 512 is a modest increase.  Would you have an
opinion on this?
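
The descriptor-cap trade-off raised in the comment above, worked through as an added example; it is not part of the original comment and is not OpenSSH's code. It clamps a requested slot cap to the process's RLIMIT_NOFILE soft limit and estimates how long a scan stalls when every host is down; the function names, the 4 reserved descriptors, the 10000 down hosts and the 5-second timeout are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <sys/resource.h>

/* Clamp a requested connection-slot cap to what the process may open.
 * `reserved` leaves room for stdin/stdout/stderr and an input file
 * (assumed value, not taken from ssh-keyscan). */
long clamp_cap(long requested, long soft_limit, long reserved)
{
    long usable = soft_limit - reserved;
    if (usable < 1)
        return 0;                       /* nothing left for sockets */
    return requested < usable ? requested : usable;
}

/* Same clamp, using the live RLIMIT_NOFILE soft limit of this process. */
long effective_fd_cap(long requested, long reserved)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return -1;                      /* could not query the limit */
    if (rl.rlim_cur == RLIM_INFINITY)
        return requested;
    return clamp_cap(requested, (long)rl.rlim_cur, reserved);
}

/* Worst case: every host is down, so each slot is held for a full
 * timeout before it can be reused for the next host. */
long worst_case_seconds(long down_hosts, long slots, long timeout_s)
{
    if (slots < 1)
        return -1;
    long rounds = (down_hosts + slots - 1) / slots;   /* ceiling division */
    return rounds * timeout_s;
}

int main(void)
{
    long caps[] = {256, 512};           /* caps discussed in the comment */
    for (int i = 0; i < 2; i++) {
        long slots = effective_fd_cap(caps[i], 4);
        if (slots < 1) {
            fprintf(stderr, "no descriptors available for cap %ld\n", caps[i]);
            continue;
        }
        printf("cap %ld -> %ld usable slots, 10000 down hosts at 5s: %lds\n",
               caps[i], slots, worst_case_seconds(10000, slots, 5));
    }
    return 0;
}
```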
