ssh - Connection closed by UNKNOWN


Petr Lautrbach

Jul 16, 2014, 10:09:26 AM
to OpenSSH Devel List
Hi,

The ssh client shows a "closed by UNKNOWN" message when a socket is closed by the
remote side while ssh is waiting for the user's password:

$ ssh user@localhost
user@localhost's password:
Connection closed by UNKNOWN

When packet_read_seqnr() calls get_remote_ipaddr(), the connection's
socket is already closed and there has not been any other call of this function
yet, so canonical_host_ip from canohost.c is still NULL and the function
returns "UNKNOWN". I think that it could be worked around by calling get_remote_ipaddr() right
after packet_set_connection(), e.g. using another debug message, see below, or
there could be a set_remote_ipaddr() in canohost.c for that.

--- a/sshconnect.c
+++ b/sshconnect.c
@@ -62,6 +62,7 @@
#include "monitor_fdpass.h"
#include "ssh2.h"
#include "version.h"
+#include "canohost.h"

char *client_version_string = NULL;
char *server_version_string = NULL;
@@ -171,6 +172,8 @@ ssh_proxy_fdpass_connect(const char *host, u_short port,

/* Set the connection file descriptors. */
packet_set_connection(sock, sock);
+ debug("Connected to %.200s [%.100s] port %d.",
+ host, get_remote_ipaddr(), get_remote_port());

return 0;
}
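
Review bot: in ssh_proxy_fdpass_connect() the fix depends on a side effect of evaluating the debug() arguments: get_remote_ipaddr() is called only to fill the canonical_host_ip cache while the socket is still usable. Nothing in the two added lines says so, and anyone who later trims or rewords the message will silently bring back "Connection closed by UNKNOWN". Either add a comment stating that the call primes the cache, or make the priming an explicit call that is separate from logging.
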
@@ -493,6 +496,8 @@ ssh_connect_direct(const char *host, struct addrinfo *aitop

/* Set the connection. */
packet_set_connection(sock, sock);
+ debug("Connected to %.200s [%.100s] port %d.",
+ host, get_remote_ipaddr(), get_remote_port());

return 0;
}
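
Review bot: the two debug() lines in ssh_connect_direct() are a verbatim copy of the ones added to ssh_proxy_fdpass_connect(), so the cache is primed only at the call sites someone remembers to patch. Both copies sit directly after packet_set_connection(sock, sock); a single helper called at that point would keep the two connect paths from drifting apart.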

_______________________________________________
openssh-unix-dev mailing list
openssh-...@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Petr Lautrbach

Jul 17, 2014, 2:29:33 AM
to OpenSSH Devel List
On Wed, Jul 16, 2014 at 04:04:04PM +0200, Petr Lautrbach wrote:
> or there could be set_remote_ipaddr() in canohost.c for that.
>


--- a/canohost.c
+++ b/canohost.c
@@ -321,6 +321,21 @@ clear_cached_addr(void)
cached_port = -1;
}

+void set_remote_ipaddr(void) {
+ if (canonical_host_ip != NULL)
+ free(canonical_host_ip);
+
+ if (packet_connection_is_on_socket()) {
+ canonical_host_ip =
+ get_peer_ipaddr(packet_get_connection_in());
+ if (canonical_host_ip == NULL)
+ cleanup_exit(255);
+ } else {
+ /* If not on socket, return UNKNOWN. */
+ canonical_host_ip = xstrdup("UNKNOWN");
+ }
+}
+
/*
* Returns the IP-address of the remote host as a string. The returned
* string must not be freed.
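
Review bot: set_remote_ipaddr() frees canonical_host_ip whenever it is non-NULL, yet get_remote_ipaddr() hands that same pointer to callers under the contract "The returned string must not be freed". A second call to set_remote_ipaddr() would leave any caller that kept the earlier return value holding a freed pointer. Returning early when canonical_host_ip is already set, or documenting that the function may be called only once per connection and before any get_remote_ipaddr(), avoids that. Two style points in the same function: the NULL check before free() is redundant, and the definition should follow the file's layout (return type on its own line, opening brace on the next line, as get_remote_ipaddr() does) with a short comment above it like its neighbours have.
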
@@ -330,17 +345,9 @@ const char *
get_remote_ipaddr(void)
{
/* Check whether we have cached the ipaddr. */
- if (canonical_host_ip == NULL) {
- if (packet_connection_is_on_socket()) {
- canonical_host_ip =
- get_peer_ipaddr(packet_get_connection_in());
- if (canonical_host_ip == NULL)
- cleanup_exit(255);
- } else {
- /* If not on socket, return UNKNOWN. */
- canonical_host_ip = xstrdup("UNKNOWN");
- }
- }
+ if (canonical_host_ip == NULL)
+ set_remote_ipaddr();
+
return canonical_host_ip;
}

diff --git a/canohost.h b/canohost.h
index 4c8636f..4079953 100644
--- a/canohost.h
+++ b/canohost.h
@@ -13,6 +13,7 @@
*/

const char *get_canonical_hostname(int);
+void set_remote_ipaddr(void);
const char *get_remote_ipaddr(void);
const char *get_remote_name_or_ip(u_int, int);

diff --git a/sshconnect.c b/sshconnect.c
index 799c8d0..08886ac 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -62,6 +62,7 @@
#include "monitor_fdpass.h"
#include "ssh2.h"
#include "version.h"
+#include "canohost.h"

char *client_version_string = NULL;
char *server_version_string = NULL;
@@ -171,6 +172,7 @@ ssh_proxy_fdpass_connect(const char *host, u_short port,

/* Set the connection file descriptors. */
packet_set_connection(sock, sock);
+ set_remote_ipaddr();

return 0;
}
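
Review bot: calling set_remote_ipaddr() in ssh_proxy_fdpass_connect() makes the cleanup_exit(255) taken on a NULL get_peer_ipaddr() result reachable right after packet_set_connection(); before this change that exit could only happen when some message first asked for the address. If a failed lookup at this point should not end the client, give set_remote_ipaddr() a non-fatal path for the priming call, or let this caller see the failure and fall back to "UNKNOWN".
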
@@ -493,6 +495,7 @@ ssh_connect_direct(const char *host, struct addrinfo *aitop,

/* Set the connection. */
packet_set_connection(sock, sock);
+ set_remote_ipaddr();
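
Review bot: in ssh_connect_direct() only the address is primed, whereas the debug()-based version of this fix also called get_remote_port() at the same spot. cached_port is kept next to the address (clear_cached_addr() resets it to -1) and is not touched by set_remote_ipaddr(). If any message printed after the socket is closed includes the port, prime it here as well.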

Damien Miller

Jul 17, 2014, 8:01:32 PM
to Petr Lautrbach, OpenSSH Devel List
Could you make a bug at https://bugzilla.mindrot.org and attach your patch
there? This ensures that it won't get lost.

-d

Petr Lautrbach

Jul 18, 2014, 12:42:21 AM
to Damien Miller, OpenSSH Devel List
On Fri, Jul 18, 2014 at 10:01:21AM +1000, Damien Miller wrote:
> Could you make a bug at https://bugzilla.mindrot.org and attach your patch
> there? This ensures that it won't get lost.
>

Sure - https://bugzilla.mindrot.org/show_bug.cgi?id=2257