[Planetlab-users] a useful patch for ssh 3.8p1

Bowman, Mic mic.bowman at intel.com
Fri Mar 26 18:28:47 EST 2004 

As I'm sure many of you are aware... ssh has many creative ways to fail
and planetlab seems to tickle all of them. My most recent annoyance is
with the timeouts in ssh 3.8p1. The ConnectTimeout parameter handles the
case where the TCP connection fails altogether; ServerAliveInteral and
TCPKeepAlive both work pretty well once the connection has been
established. However, if the sshd exists but is not responding (e.g. the
situation on planet2.montreal.canet4.nodes.planet-lab.org right now)
such as happens when the disk is full or when file descriptors have been
exhausted, the ssh client will hang forever waiting for the banner.
Below is a little patch that uses the ConnectTimeout parameter to limit
the wait time for the banner. It seems to solve the problem of endless
waits and it gives more discretion for timeouts on operations that can
take a long time with no obvious output (e.g. rsync's of big logs). The
patch is against the portable distribution of openssh 3.8p1.
 
--Mic
 
*** sshconnect.c 2004-01-27 02:21:27.000000000 -0800
--- sshconnect-new.c 2004-03-26 14:48:24.000000000 -0800
***************
*** 429,434 ****
--- 429,444 ----
  }
  
  /*
+  * Signal handler for the alarm after the login grace period has
expired.
+  */
+ static void
+ grace_alarm_handler(int sig)
+ {
+  /* Log error and exit. */
+  fatal("Timeout before authentication"); }
+ 
+ /*
   * Waits for the server identification string, and sends our own
   * identification string.
   */
***************
*** 441,446 ****
--- 451,462 ----
   int connection_out = packet_get_connection_out();
   int minor1 = PROTOCOL_MINOR_1;
  
+  /* Setup a handler for banner prompt */
+  if (options.connection_timeout > 0) {
+    signal(SIGALRM, grace_alarm_handler);
+    alarm(options.connection_timeout);
+  }
+ 
   /* Read other side\'s version identification. */
   for (;;) {
    for (i = 0; i < sizeof(buf) - 1; i++) {
***************
*** 466,471 ****
--- 482,494 ----
   }
   server_version_string = xstrdup(buf);
  
+  /* Clear the alarm */
+  if (options.connection_timeout > 0) {
+    alarm(0);
+    signal(SIGALRM,SIG_DFL);
+  }
+  
+ 
   /*
    * Check that the versions match.  In future this might accept
    * several versions and set appropriate flags to handle them.

More information about the Users mailing list