[Bug 1986521] Re: ssh client spins if output fd closed

Bryce Harrington 1986521 at bugs.launchpad.net
Thu Dec 1 03:02:12 UTC 2022 

I've reproduced the issue and confirmed the PPA fixes it, as expected.

** Description changed:

+ [Test Case]
+ $ lxc launch ubuntu-daily:jammy ssh-cpu
+ $ lxc shell ssh-cpu
+ 
+ # passwd -d root
+ # ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa
+ 
+ # cat << EOF >>/etc/ssh/ssh_config
+ StrictHostKeyChecking accept-new
+ EOF
+ 
+ # sed -ri 's/^PasswordAuthentication/#PasswordAuthentication/' /etc/ssh/sshd_config
+ # cat << EOF >>/etc/ssh/sshd_config
+ PermitRootLogin yes
+ PubkeyAuthentication yes
+ PermitEmptyPasswords yes
+ PasswordAuthentication yes
+ ChallengeResponseAuthentication no
+ UsePAM no
+ EOF
+ 
+ # systemctl restart sshd
+ 
+ # ssh localhost 2> >({exec 1>&2})
+ 
+ 
+ You can shell into the container from a second terminal and use "htop"
+ to verify that ssh is using 100% of one of the CPU cores:
+ 
+ $ lxc shell ssh-cpu
+ # htop
+ 
+ This should show one CPU pegged at 100% due to the 'ssh localhost'
+ process
+ 
+ Next, return to the first terminal, exit out of the sub-ssh session and
+ install the fix:
+ 
+ # logout
+ # add-apt-repository -yus ppa:bryce/openssh-sru-lp1986521
+ # apt-get full-upgrade -y
+ 
+ Now repeat the test in the first terminal window, while viewing htop in
+ the second terminal:
+ 
+ # ssh localhost 2> >({exec 1>&2})
+ 
+ [Original Report]
  The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the bug described at
  https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and https://bugzilla.mindrot.org/show_bug.cgi?id=3405
  
  A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up
  an xterm, ask for whatever authentication is needed, close the xterm,
  and leave the ssh client spinning consuming CPU time for 60 seconds
  before it exits. It should leave the ssh client idle for 60 seconds.
  Many uses of ssh to launch graphical applications will be caught by this
  bug.
  
  This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its release
  notes at https://www.openssh.com/txt/release-9.0

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1986521

Title:
  ssh client spins if output fd closed

Status in portable OpenSSH:
  Unknown
Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Jammy:
  Triaged

Bug description:
  [Test Case]
  $ lxc launch ubuntu-daily:jammy ssh-cpu
  $ lxc shell ssh-cpu

  # passwd -d root
  # ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa

  # cat << EOF >>/etc/ssh/ssh_config
  StrictHostKeyChecking accept-new
  EOF

  # sed -ri 's/^PasswordAuthentication/#PasswordAuthentication/' /etc/ssh/sshd_config
  # cat << EOF >>/etc/ssh/sshd_config
  PermitRootLogin yes
  PubkeyAuthentication yes
  PermitEmptyPasswords yes
  PasswordAuthentication yes
  ChallengeResponseAuthentication no
  UsePAM no
  EOF

  # systemctl restart sshd

  # ssh localhost 2> >({exec 1>&2})

  
  You can shell into the container from a second terminal and use "htop"
  to verify that ssh is using 100% of one of the CPU cores:

  $ lxc shell ssh-cpu
  # htop

  This should show one CPU pegged at 100% due to the 'ssh localhost'
  process

  Next, return to the first terminal, exit out of the sub-ssh session and
  install the fix:

  # logout
  # add-apt-repository -yus ppa:bryce/openssh-sru-lp1986521
  # apt-get full-upgrade -y

  Now repeat the test in the first terminal window, while viewing htop in
  the second terminal:

  # ssh localhost 2> >({exec 1>&2})

  [Original Report]
  The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the bug described at
  https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and https://bugzilla.mindrot.org/show_bug.cgi?id=3405

  A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up
  an xterm, ask for whatever authentication is needed, close the xterm,
  and leave the ssh client spinning consuming CPU time for 60 seconds
  before it exits. It should leave the ssh client idle for 60 seconds.
  Many uses of ssh to launch graphical applications will be caught by
  this bug.

  This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its
  release notes at https://www.openssh.com/txt/release-9.0

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/1986521/+subscriptions

More information about the foundations-bugs mailing list