SIGPIPE from ssh-keyscan [patch]
Alan Amesbury
amesbury at oitsec.umn.edu
Thu May 2 17:17:28 UTC 2019
On May 1, 2019, at 20:07 , Jim Thompson <jim at netgate.com> wrote:
> The remote closed the session for some reason before ssh-keyscan wrote the greeting ("SSH-2.0-OpenSSH-keyscan\r\n"), so you got SIGPIPE and ERRNO = 32 back from the write call.
>
> Arguably the right thing occurred here, with the exception that it killed your ssh-keyscan process.
>
> So perhaps instead of ignoring the signal, you should find out why the remote is exiting before the local can send its greeting.
I can't count on the remote side doing the write thing (yes, pun intended), as not all of the apparent "SSH servers" I attempt to obtain keys from are under my direct control. For me it would be better if ssh-keyscan were simply more robust in handling unexpected input.
> Otherwise, it’s a bit less heavy-handed to
>
> int set = 1;
> setsockopt(sd, SOL_SOCKET, SO_NOSIGPIPE, (void *)&set, sizeof(int));
>
> Where sd is the descriptor in question (16 in your example below).
>
> But other parts of ssh-keyscan seem to want to know that EPIPE has occurred, so neither is the correct solution here.
That's why I asked whether this was a sane plan. Again, I'm out of my depth here, and my solution reflects that.
--
Alan
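
An added example (not from the thread and not OpenSSH's ssh-keyscan code) of the trade-off discussed above: SIGPIPE is suppressed for one socket only, while EPIPE still reaches the caller so it can skip the host. `MSG_NOSIGNAL`, the function names and the local socketpair standing in for the remote are assumptions beyond what the thread shows; `SO_NOSIGPIPE` is applied only where the platform defines it.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef MSG_NOSIGNAL
#define MSG_NOSIGNAL 0 /* SO_NOSIGPIPE below is then the only suppression */
#endif
static volatile sig_atomic_t sigpipe_seen = 0; /* set only if SIGPIPE arrives */
static void on_sigpipe(int sig) { (void)sig; sigpipe_seen = 1; }

/* Send the greeting; return 0, or the errno of the failed call (e.g. EPIPE). */
static int send_greeting(int sd)
{
    static const char greeting[] = "SSH-2.0-OpenSSH-keyscan\r\n";
    size_t len = sizeof(greeting) - 1, off = 0;
#ifdef SO_NOSIGPIPE /* per-socket option quoted in the thread */
    int set = 1;
    if (setsockopt(sd, SOL_SOCKET, SO_NOSIGPIPE, &set, sizeof(set)) != 0)
        return errno;
#endif
    while (off < len) {
        ssize_t n = send(sd, greeting + off, len - off, MSG_NOSIGNAL);
        if (n < 0 && errno != EINTR)
            return errno; /* caller sees EPIPE and can skip this host */
        if (n > 0) off += (size_t)n;
    }
    return 0;
}

/* Constructed scenario: a local socketpair stands in for scanner and remote. */
static int greet_over_socketpair(int peer_closes_first)
{
    int sv[2], rc;
    signal(SIGPIPE, on_sigpipe); /* handler only records an unwanted signal */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return errno;
    if (peer_closes_first) close(sv[1]); /* remote hangs up before greeting */
    rc = send_greeting(sv[0]);
    close(sv[0]);
    if (!peer_closes_first) close(sv[1]);
    return rc;
}

int main(void)
{
    int rc = greet_over_socketpair(1);
    printf("errno=%d sigpipe_seen=%d\n", rc, (int)sigpipe_seen);
    return rc == EPIPE ? 0 : 1;
}
```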
More information about the freebsd-hackers mailing list