[Bug 3290] New: ControlPersist opens shell even with -N

bugzilla-daemon at mindrot.org
Tue Mar 30 09:32:11 AEDT 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3290

            Bug ID: 3290
           Summary: ControlPersist opens shell even with -N
           Product: Portable OpenSSH
           Version: 8.5p1
          Hardware: amd64
                OS: All
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: bugzillamindroto-mzk3bxkyqa at central-intelligence.agency

I'm trying to use an SSH tunnel through a host that only allows local
port forwarding, nothing else.

For reproducibility purposes the example in this report uses a pretty
much default ssh configuration with the user's shell being a shell
script that echoes that the user isn't supposed to log in and then exits.

As I'm defaulting to using ControlMaster and ControlPersist in my
ssh_config I came across this, as it effectively makes this connection
impossible to use unless ControlMaster and ControlPath are explicitly
disabled for this destination.

A working example would be

ssh -F /dev/null -vvv -N -o ControlMaster=auto -o ControlPath=~/cptest localhost

In this case I can open a connection and nothing happens, as expected.
Adding a port forward with -L works fine too and I can reach the
intended destination. Great.

Once I add ControlPersist to this command however it breaks:

ssh -F /dev/null -vvv -N -o ControlMaster=auto -o ControlPath=~/cptest -o ControlPersist=5 localhost

Leading up to the exit I find this in the SSH logs (some lines
omitted):

debug2: channel 2: request shell confirm 1
debug2: shell request accepted on channel 2
This is not a real shell, you are not supposed to login.
debug1: client_input_channel_req: channel 2 rtype exit-status reply 0
debug3: mux_exit_message: channel 2: exit message, exitval 0

The message is coming from the user's shell.

The ControlMaster keeps running in the background until ControlPersist
times out. I can also verify that it still has a working session as I
can access a -L forwarded port before it's closing the ControlMaster
session.

Client and server config as well as -vvv client logs of both scenarios
are attached.

Tested on 8.1 (macOS), 8.2 (Linux) and 8.5 (Linux).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
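
A check for the behaviour reported above, as an added example that is not part of the original report or of OpenSSH: it scans `ssh -vvv` client output from a run started with -N and reports every channel on which a shell was requested. The function names are assumptions; REPORT_LOG is the excerpt quoted in the report, CLEAN_LOG is constructed.

```python
import re

# Patterns for the `ssh -vvv` client debug lines quoted in the report.
PATTERNS = {
    "requested": re.compile(r"channel (\d+): request shell confirm \d+"),
    "accepted": re.compile(r"shell request accepted on channel (\d+)"),
    "exit_status": re.compile(r"client_input_channel_req: channel (\d+) rtype exit-status"),
    "mux_exit": re.compile(r"mux_exit_message: channel (\d+): exit message, exitval (-?\d+)"),
}

def shell_sessions(log_text):
    """Map channel id -> what happened, for each channel that requested a shell."""
    sessions = {}
    for line in log_text.splitlines():
        for event, pattern in PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            chan = int(m.group(1))
            if event == "requested":
                sessions[chan] = {"accepted": False, "exit_status": False, "exitval": None}
            elif chan in sessions:  # ignore events on channels that never asked for a shell
                if event == "mux_exit":
                    sessions[chan]["exitval"] = int(m.group(2))
                else:
                    sessions[chan][event] = True
            break
    return sessions

def unexpected_shell_channels(log_text):
    """With -N no session should be opened, so any shell request is a finding."""
    return sorted(shell_sessions(log_text))

# Excerpt quoted in the report (the ControlPersist=5 run).
REPORT_LOG = """\
debug2: channel 2: request shell confirm 1
debug2: shell request accepted on channel 2
This is not a real shell, you are not supposed to login.
debug1: client_input_channel_req: channel 2 rtype exit-status reply 0
debug3: mux_exit_message: channel 2: exit message, exitval 0
"""

# Constructed lines standing in for a run where no shell is requested.
CLEAN_LOG = "debug1: Authentication succeeded (publickey).\n"

if __name__ == "__main__":
    for name, log in (("report", REPORT_LOG), ("clean", CLEAN_LOG)):
        print(name, unexpected_shell_channels(log), shell_sessions(log))
```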

