OpenSSH 3.7.1p2 Problem with STDERR when called from C program

From: Carlson, Scott (Scott.Carlson_at_schwab.com)
Date: 04/13/04

  • Next message: Tran, Jennifer: "RE: [OpenSSH] public key problem"
    To: "'secureshell@securityfocus.com'" <secureshell@securityfocus.com>
    Date: Tue, 13 Apr 2004 09:54:30 -0700
    
    

    I'm not sure this is the hang on exit thing that everyone's been discussing,
    but I thought I would post some issues I'm having with OpenSSH on Linux to
    see if there is a solution.

    Environment:

    [Server1] Centralized Management Server running RedHat Advanced Server 2.1
    Linux, glibc-2.3.2-95.6, kernel 2.4.9-e.25smp, OpenSSH 3.7.1p2
    [Client1] Remote server running RHAS 2.1, glibc-2.2.4-32.3, OpenSSH
    openssh-3.1p1-14 (From RedHat)
    [Client2] Remote server running RHAS 2.1, glibc-2.2.4-32.3, OpenSSH
    openssh-3.1p1-14 (From RedHat)

    OpenSSH communicates from Server1 to Client1,Client2 via SSH with key
    authentication. Interactive communication works wonderfully

            [server1] #ssh client1 "ls /tmp/abc"
            ls: /tmp/abc: No such file or directory

            [server1]#ssh client1 date
            Mon Apr 12 14:28:22 EDT 2004

            [server1]#ssh client2 "ls /tmp/abc"
            ls: /tmp/abc: No such file or directory

            [server1]#ssh client2 date
            Mon Apr 12 14:28:29 EDT 2004

    The Problem comes into play when I try and use our distributed shell utility
    (clusterit - dsh - http://www.garbled.net/clusterit.html) to execute
    commands over SSH. Any time there is a command that sends output to stderr,
    SSH never returns (or dsh never displays it) back to the prompt. I have to
    CTRL-C the command for it to return.

            [server1] #dsh -ew client1,client2 "ls /tmp/BBB"
    ( HANG, CTRL-C issued)
            cc0tp001: ls: /tmp/BBB: No such file or directoryKilled by signal 2.

    If I redirect stderr to stdout, there is no problem

            [server1] #dsh -ew client1,client2 "ls /tmp/BBB 2>&1"
            cc0tp001: ls: /tmp/BBB: No such file or directory
            bb0tp001: ls: /tmp/BBB: No such file or directory

    Also, this problem does not happen if I force OpenSSH to use Protocol 1 in a
    little script
            export RCMD_CMD=/opt/ssh/bin/ssh1

            /opt/ssh/bin/ssh1
            ------------------
                    #!/bin/ksh
                    /opt/ssh/bin/ssh -41 $*

            
            [server1] #dsh -ew client1,client2 "ls /tmp/BBB"
            cc0tp001: ls: /tmp/BBB: No such file or directory
            bb0tp001: ls: /tmp/BBB: No such file or directory

    Looking at the output above, I would think that it's not a problem with
    OpenSSH, but a problem with dsh. Then I started thinking about interactive
    versus noninteractive mode and was wondering if cron would have the same
    sort of problem. so, I ran the ssh command above (ssh client1 "ls
    /tmp/abc") directly out of cron and had no issues. thus, maybe the problem
    is with dsh - or maybe not? How does the Version2 differ from Version1.
    STDERR is STDERR, RIGHT?

    dsh uses execlp to call ssh (on about line 376)
            
    http://www.garbled.net/cgi-bin/cvsweb.cgi/src/dsh/dsh.c?annotate=1.18

    Is there maybe a problem with the file descriptors on this, or reading
    stderr?

    If someone has experienced something like this before, or one of you OpenSSH
    Developer guys who knows the interactive/notinteractive/pty/nopty thing,
    could you let me know if you have any thoughts as to what's going on here?
    I've tried applying the ViSolve patch to no avail, but haven't tried any of
    the others that were around, if they apply to this situation.

    Any thoughts?

    Thanks,

    Scott Carlson
    scott.carlson@schwab.com
    Technical Director
    Warning: All email sent to this address will be received by the Charles
    Schwab email system and is subject to Archival and review by someone other
    than the recipient


  • Next message: Tran, Jennifer: "RE: [OpenSSH] public key problem"

    Relevant Pages

    • Re: Recent OpenSSH releases not reading .bashrc for ssh commands
      ... their .bashrc will no longer get them without engaging in..... ... ssh can invoke bash without it then reading .bashrc. ... which svn", the .bashrc is no longer read. ... you're on RHEL 5, you've installed an updated OpenSSH, and you try to ...
      (comp.security.ssh)
    • Re: two SSH compatibility scenarios: can it work?
      ... We are required to use SSH to log into the Engineering lab machines. ... > server software displays this header upon telnet connection to port 22. ... I still use Windows on my notebook for application compatibility. ... > running OpenSSH 3.4p1. ...
      (comp.security.ssh)
    • Re: OpenSSH, Telnet, Windows Authentication and double-hops
      ... deployment on a Windows network. ... Does this mean that you are setting SSH port forwarding ... does not provide the other side with either a Kerberos ticket, ... We're focusing on the OpenSSH for Windows distribution. ...
      (comp.security.ssh)
    • Re: ssh compatability issues
      ... >> without keeping two versions of ssh around on my home computer. ... running the OpenSSH server that comes with Solaris ... By 'some old security problems with that' I was not sure if you meant ...
      (comp.security.ssh)
    • Re: Solaris 9 SSH: HostbasedAuthentication?
      ... > Subject: Solaris 9 SSH: HostbasedAuthentication? ... > authentication. ... I'm gathering that the OpenSSH version it's based on didn't have ...
      (Focus-SUN)