Bug 42476
| Summary: | univention-ssh should use "-o ControlPath none" | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Philipp Hahn <hahn> |
| Component: | SSH | Assignee: | Philipp Hahn <hahn> |
| Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
| Severity: | normal | ||
| Priority: | P5 | CC: | botner, gohmann, grandjean, walkenhorst |
| Version: | UCS 4.1 | ||
| Target Milestone: | UCS 4.1-3-errata | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| What kind of report is it?: | Bug Report | What type of bug is this?: | 4: Minor Usability: Impairs usability in secondary scenarios |
| Who will be affected by this bug?: | 2: Will only affect a few installed domains | How will those affected feel about the bug?: | 2: A Pain – users won’t like this once they notice it |
| User Pain: | 0.091 | Enterprise Customer affected?: | Yes |
| School Customer affected?: | Yes | ISV affected?: | |
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | 2016083021000628 | Bug group (optional): | |
| Max CVSS v3 score: | |||
r72754 | Bug #42476 ssh: Disable ssh connection multiplexing r72749 | Bug #42476 ssh: Disable ssh connection multiplexing r72748 | Bug #42476 ssh: Copyright 2016 Package: univention-ssh Version: 7.0.0-3.52.201609221414 Branch: ucs_4.1-0 Scope: errata4.1-3 r72755 | Bug #42476 ssh: Disable ssh connection multiplexing YAML univention-ssh.yaml OK - univention-ssh sets ControlPath=none OK - yaml OK - merged to 4.2-0 |
A customer enabled SSH connection multiplexing in /root/.ssh/config with ControlPersist 30m A the Samba sysvol share replication mechanism in UCS uses univention-ssh-rsync like: services/univention-samba4/sysvol-sync-scripts/sysvol-sync.sh > need_sync="$(univention-ssh-rsync /etc/machine.secret \ > --dry-run -v "${rsync_options[@]}" \ > "$src"/ "$dst" 2>&1 \ > | sed '1,/^receiving incremental file list$/d;' | head --lines=-3)" In that case the ssh process forks into the background and inherits the PIPE to sed as STDERR, thus remaining as the lone possible writer. A such sed/head don't terminate as they must wait for all possible writers to quit first. univention-ssh should pass "-o ControlPath none" to ssh to never use connection multiplexing.