Strange behaviour ssh -> bash --> (tty no echo) --> c program?

ssh bash debug

I answer to myself for saying I have just found the problem I hope the following helps to anyone

Finally I recompiled the ssh source code (openssh-5.3p1) inserting several 'traps' within the code to see what was going on there

channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
{
u_int limit = compat20 ? c->remote_window : packet_get_maxsize();

int aux = buffer_len(&c->input);
debugtrap("en pre_open c-istate: %d limit %d buffer_len %d c_ostate %d
ctl_fd %d\n",c->istate,limit,aux,c->ostate,c->ctl_fd);

/* the rest of the function code */

limit variable at the beginning (by default) is 1024 * 1024

In normal conditions the limit variable is adjusting its window size each time channe_pre_open function is called (example using putty)

En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1048495 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1048495 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1048415 buffer_len 0 c_ostate 0   ctl_fd -1
...... time later
En pre_open c-istate: 0 limit 1002267 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1002267 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1002267 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 998560 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 998560 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1

But, If I compare the same trace when the hand-terminal connects to the application I can see the buffer is consuming (it isn't renegotiate each time) the whole size

En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1048576 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 1048476 buffer_len 0 c_ostate 0   ctl_fd -1
......
En pre_open c-istate: 0 limit 985 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 647 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 647 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 647 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 647 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 632 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 322 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 322 buffer_len 0 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1
En pre_open c-istate: 0 limit 0 buffer_len 16 c_ostate 0   ctl_fd -1

and finally limit variable comes to 0

When it happens fd#10 is lost from readfds in select call

0.000025 select(11, [3 6 10], [3], NULL, {900, 0}) = 1 (in [10], left {899, 999997})
0.000025 select(11, [3 6 10], [3], NULL, {900, 0}) = 1 (in [10], left {899, 999994})
0.000025 select(11, [3 6 10], [3], NULL, {900, 0}) = 1 (in [10], left {899, 999995})
0.000025 select(11, [3 6], [3], NULL, {900, 0}) = 1 (out [3], left {899, 908736})  
0.000026 select(11, [3 6], [3], NULL, {900, 0}) = 1 (out [3], left {899, 986906})  
0.000025 select(11, [3 6], [3], NULL, {900, 0}) = 1 (out [3], left {899, 992061})

The thing is that select call doesn't include this file descriptor in the set because its blocked by the other side until the buffer (client<->sshd) will be empty (it supposes the sshd cannot send more bytes to the ssh client because the window size is 0, so the fd has to be blocked to prevent send more information from the shell side)

This behaviour doesn't happen using putty client, and it seems its related ssh client of Honeywell hand-terminal which is based on Openssh (don't know the version)

Anyway, I have just confirmed the following version: OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004 is not affected (tested on Windows 10 against RHEL6 ssh-server 5.3.p1)

Nacho.

Related

Preprocessor for Dockerfile with variables and include files
504s on Elastic Beanstalk app deploy (user -> ELB -> Elastic Beanstalk mod_wsgi)
ZFS on Centos - "No such pool or dataset" and "devices is currently unavailable"
How to place Docker images ontop of an NFS share in CoreOS?
Apache/2.4.6 default prefork MPM configuration on Centos 7
Compressing folders with long paths
Improve SSL Performance with Nginx
Find number of unused disk bays on a dell server running windows or ESXi
How to maximize utilization of fluentd server?
VirtualHost Defaulting to Wrong Deployment on Restart
What is difference between .\, (local), localhost, and computername in windows?
json - select object without quotation using jq tool