First Last Prev Next    This bug is not in your last search results.
Bug 42476 - univention-ssh should use "-o ControlPath none"
univention-ssh should use "-o ControlPath none"
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: SSH
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-3-errata
Assigned To: Philipp Hahn
Felix Botner
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-09-22 14:01 CEST by Philipp Hahn
Modified: 2016-09-28 14:04 CEST (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.091
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2016083021000628
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2016-09-22 14:01:51 CEST 
A customer enabled SSH connection multiplexing in /root/.ssh/config with
 ControlPersist 30m

A the Samba sysvol share replication mechanism in UCS uses univention-ssh-rsync like:

services/univention-samba4/sysvol-sync-scripts/sysvol-sync.sh
>    need_sync="$(univention-ssh-rsync /etc/machine.secret \
>        --dry-run -v "${rsync_options[@]}" \
>        "$src"/ "$dst" 2>&1 \
>        | sed '1,/^receiving incremental file list$/d;' | head --lines=-3)"

In that case the ssh process forks into the background and inherits the PIPE to sed as STDERR, thus remaining as the lone possible writer. A such sed/head don't terminate as they must wait for all possible writers to quit first.

univention-ssh should pass "-o ControlPath none" to ssh to never use connection multiplexing.
Comment 1 Philipp Hahn univentionstaff 2016-09-22 14:24:14 CEST 
r72754 | Bug #42476 ssh: Disable ssh connection multiplexing
r72749 | Bug #42476 ssh: Disable ssh connection multiplexing
r72748 | Bug #42476 ssh: Copyright 2016

Package: univention-ssh
Version: 7.0.0-3.52.201609221414
Branch: ucs_4.1-0
Scope: errata4.1-3

r72755 | Bug #42476 ssh: Disable ssh connection multiplexing YAML
 univention-ssh.yaml
Comment 2 Felix Botner univentionstaff 2016-09-27 16:05:13 CEST 
OK - univention-ssh sets ControlPath=none
OK - yaml
OK - merged to 4.2-0
Comment 3 Janek Walkenhorst univentionstaff 2016-09-28 14:04:38 CEST 
<https://errata.software-univention.de/ucs/4.1/280.html>
First Last Prev Next    This bug is not in your last search results.