Thread: [Sshpass-devel] sshpass at HPUX 11.31
Brought to you by:
thesun
From: LI M. <Mic...@sw...> - 2017-08-29 20:23:10
Attachments:
smime.p7s
|
Hi, Does anyone successfully run sshpass at HPUX 11.31 ? I've compiled sshpass 1.06 at HPUX 1131, but when I run it, I got errors. The command I run : $ sshpass -p Abcd1234 ssh -vvv nledfd02 date; The error message in the console output : debug1: read_passphrase: can't open /dev/tty: No such device or address debug3: packet_send2: adding 64 (len 50 padlen 14 extra_pad 64) debug2: we sent a password packet, wait for reply debug1: Authentications that can continue: password,keyboard-interactive Permission denied, please try again. debug1: read_passphrase: can't open /dev/tty: No such device or address debug3: packet_send2: adding 64 (len 50 padlen 14 extra_pad 64) debug2: we sent a password packet, wait for reply Received disconnect from 10.8.65.51: 2: Too many authentication failures for test1 The error message in sshd output : root@NLEDFD02 [/tmp/sshpass/sshpass105] # /opt/ssh/sbin/sshd -d Postponed keyboard-interactive for test1 from 10.8.65.51 port 52444 ssh2 [preauth] PAM: Authentication failed for test1 from 10.8.65.51 Failed keyboard-interactive/pam for test1 from 10.8.65.51 port 52444 ssh2 debug1: Entering record_failed_login uid 0 debug1: audit event euid 0 user test1 event 5 (AUTH_FAIL_KBDINT) debug1: aud_sav_flag=1 debug1: userauth-request for user test1 service ssh-connection method password [preauth] debug1: attempt 4 failures 3 [preauth] Failed none for test1 from 10.8.65.51 port 52444 ssh2 debug1: audit event euid 0 user test1 event 3 (AUTH_FAIL_NONE) debug1: userauth-request for user test1 service ssh-connection method password [preauth] debug1: attempt 5 failures 4 [preauth] Failed password for test1 from 10.8.65.51 port 52444 ssh2 debug1: Entering record_failed_login uid 0 debug1: audit event euid 0 user test1 event 4 (AUTH_FAIL_PASSWD) debug1: aud_sav_flag=1 Disconnecting: Too many authentication failures for test1 [preauth] debug1: do_cleanup [preauth] debug1: monitor_read_log: child log fd closed debug1: audit event euid 0 user test1 event 0 (LOGIN_EXCEED_MAXTRIES) debug1: aud_sav_flag=1 debug1: do_cleanup debug1: PAM: cleanup debug1: Killing privsep child 21704 debug1: audit event euid 0 user test1 event 12 (CONNECTION_ABANDON) debug1: aud_sav_flag=1 root@NLEDFD02 [/tmp/sshpass/sshpass105] # uname -a HP-UX NLEDFD02 B.11.31 U ia64 3687447314 unlimited-user license root@NLEDFD02 [/tmp/sshpass/sshpass105] # cc -V (Bundled) cc: HP C/aC++ B3910B A.06.12 [Oct 11 2006] root@NLEDFD02 [/tmp/sshpass/sshpass105] # ssh -version OpenSSH_6.2p1+sftpfilecontrol-v1.3-hpn13v12, OpenSSL 0.9.8y 5 Feb 2013 HP-UX Secure Shell-A.06.20.006, HP-UX Secure Shell version Thanks and regards. Michael Li SWIFT | Security Infrastructure, Messaging Solutions Tel: +1 703 365 6136 <http://www.swift.com/> www.swift.com This e-mail and any attachments thereto may contain information which is confidential and/or proprietary and intended for the sole use of the recipient(s) named above. If you have received this e-mail in error, please immediately notify the sender and delete the mail. Thank you for your co-operation. SWIFT reserves the right to retain e-mail messages on its systems and, under circumstances permitted by applicable law, to monitor and intercept e-mail messages to and from its systems. |
From: Shachar S. <sh...@sh...> - 2017-09-01 17:48:31
|
On 29/08/17 22:47, LI Michael via Sshpass-devel wrote: > > Hi, > > > > Does anyone successfully run sshpass at HPUX 11.31 ? > > > > I’ve compiled sshpass 1.06 at HPUX 1131, but when I run it, I got errors. > > The command I run : > > $ sshpass -p Abcd1234 ssh -vvv nledfd02 date; > > > > The error message in the console output : > > debug1: read_passphrase: can't open /dev/tty: No such device or address > Does HPUX have strace? Maybe some similar tool that logs system calls that a process performs? If so, please send me the output of what system calls sshpass is issuing. Thanks, Shachar > > debug3: packet_send2: adding 64 (len 50 padlen 14 extra_pad 64) > > debug2: we sent a password packet, wait for reply > > debug1: Authentications that can continue: password,keyboard-interactive > > Permission denied, please try again. > > debug1: read_passphrase: can't open /dev/tty: No such device or address > > debug3: packet_send2: adding 64 (len 50 padlen 14 extra_pad 64) > > debug2: we sent a password packet, wait for reply > > Received disconnect from 10.8.65.51: 2: Too many authentication > failures for test1 > > > > The error message in sshd output : > > root@NLEDFD02 [/tmp/sshpass/sshpass105] > > # /opt/ssh/sbin/sshd -d > > > > Postponed keyboard-interactive for test1 from 10.8.65.51 port 52444 > ssh2 [preauth] > > PAM: Authentication failed for test1 from 10.8.65.51 > > Failed keyboard-interactive/pam for test1 from 10.8.65.51 port 52444 ssh2 > > debug1: Entering record_failed_login uid 0 > > debug1: audit event euid 0 user test1 event 5 (AUTH_FAIL_KBDINT) > > debug1: aud_sav_flag=1 > > debug1: userauth-request for user test1 service ssh-connection method > password [preauth] > > debug1: attempt 4 failures 3 [preauth] > > Failed none for test1 from 10.8.65.51 port 52444 ssh2 > > debug1: audit event euid 0 user test1 event 3 (AUTH_FAIL_NONE) > > debug1: userauth-request for user test1 service ssh-connection method > password [preauth] > > debug1: attempt 5 failures 4 [preauth] > > Failed password for test1 from 10.8.65.51 port 52444 ssh2 > > debug1: Entering record_failed_login uid 0 > > debug1: audit event euid 0 user test1 event 4 (AUTH_FAIL_PASSWD) > > debug1: aud_sav_flag=1 > > Disconnecting: Too many authentication failures for test1 [preauth] > > debug1: do_cleanup [preauth] > > debug1: monitor_read_log: child log fd closed > > debug1: audit event euid 0 user test1 event 0 (LOGIN_EXCEED_MAXTRIES) > > debug1: aud_sav_flag=1 > > debug1: do_cleanup > > debug1: PAM: cleanup > > debug1: Killing privsep child 21704 > > debug1: audit event euid 0 user test1 event 12 (CONNECTION_ABANDON) > > debug1: aud_sav_flag=1 > > > > > > root@NLEDFD02 [/tmp/sshpass/sshpass105] > > # uname -a > > HP-UX NLEDFD02 B.11.31 U ia64 3687447314 unlimited-user license > > > > root@NLEDFD02 [/tmp/sshpass/sshpass105] > > # cc -V > > (Bundled) cc: HP C/aC++ B3910B A.06.12 [Oct 11 2006] > > > > root@NLEDFD02 [/tmp/sshpass/sshpass105] > > # ssh -version > > OpenSSH_6.2p1+sftpfilecontrol-v1.3-hpn13v12, OpenSSL 0.9.8y 5 Feb 2013 > > HP-UX Secure Shell-A.06.20.006, HP-UX Secure Shell version > > > > Thanks and regards. > > Michael Li > > > > SWIFT | Security Infrastructure, Messaging Solutions > Tel: +1 703 365 6136 > www.swift.com <http://www.swift.com/> > > This e-mail and any attachments thereto may contain information which > is confidential and/or proprietary and intended for the sole use of > the recipient(s) named above. If you have received this e-mail in > error, please immediately notify the sender and delete the mail. > Thank you for your co-operation. SWIFT reserves the right to retain > e-mail messages on its systems and, under circumstances permitted by > applicable law, to monitor and intercept e-mail messages to and from > its systems. > > > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > _______________________________________________ > Sshpass-devel mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshpass-devel |
From: Shachar S. <sh...@sh...> - 2017-09-01 18:51:54
|
On 29/08/17 22:47, LI Michael via Sshpass-devel wrote: > > Hi, > > > > Does anyone successfully run sshpass at HPUX 11.31 ? > > > > I’ve compiled sshpass 1.06 at HPUX 1131, but when I run it, I got errors. > > The command I run : > > $ sshpass -p Abcd1234 ssh -vvv nledfd02 date; > > > Following my previous email, it appears HPUX has tusc: > *HP-UX* > For HP-UX, tusc can be downloaded from the HP web site www.hp.com > <http://www.hp.com> at the Porting and Archiving Center and installed > on your HP-UX system. To put tusc on the path, for bourne shell, > type, for tusc installed in /usr/local/bin: > "PATH=$PATH:/usr/local/bin;export PATH" and for C shell, type "setenv > PATH {$PATH}:/usr/local/bin. > > to run tusc, type > tusc -f -o <full path name to output file> <program name and any > arguments> > > This will give the default output for tusc. To get information about > all the options for tusc, type "tusc -h". > > http://knowledgebase.progress.com/articles/Article/3669 Please use it on sshpass and let me know what the output is. Thanks, Shachar |
From: Shachar S. <sh...@sh...> - 2017-09-03 14:07:30
|
On 02/09/17 00:39, LI Michael wrote: > > > > Hi Shemesh, > > > > Thank you very much for your reply. > > > > Please see the attached tusc output, tusc.out. > > > > I ran the command as follows : > > > > /test1@host1234 [/home/test1] $/tmp/tusc/tusc.ksh > "/tmp/sshpass/sshpass-1.06/sshpass -p Xyza1234 ssh -vvv host1234 date"/ > > / / > > /root@host1234 [/tmp/tusc]/ > > /# cat tusc.ksh/ > > //usr/contrib/bin/tusc -a -e -k -E -f -F -h -l -n -p -r all -R -T -u > -v -w all -o /tmp/tusc/tusc.out $1/ > > / / > > > > Thanks and regards. > > Michael Li > > > Here's what I see in the traces you sent me: -u [/tmp/sshpass][14066]{3783827} fork() ................... (returning as child ...) ......... = 14064 {3783821} The child process is 14066. -u [/tmp/sshpass][14066]{3783827} setpgrp3(2) ................................................. [entry] -u [/tmp/sshpass][14066]{3783827} setpgrp3(2) ................................................. = 14066 Start a new session, disconnecting from the previous TTY -u [/tmp/sshpass][14066]{3783827} open(0x400132d0, O_RDWR, 01210) ............................. [entry] -u [/tmp/sshpass][14066]{3783827} open("/dev/pts/5", O_RDWR, 01210) ........................... = 6 Open /dev/pts/5 with the flags O_RDWR. According to Posix, at this point pts/5 is supposed to become the controlling terminal for the new process. This, obviously, does not happen. At this point I need to return the responsibility to this problem to you. As far as I can tell, the process is not behaving the way it should. I have no tools for investigating this any further than that. If you can find out why opening a TTY device does not turn it into the controlling TTY of the process, please do let me know, and I can work that into sshpass. Shachar |
From: LI M. <Mic...@sw...> - 2017-11-01 15:23:23
|
Hi Shemesh, Thank you very much for your reply. I’ve forwarded your analysis to HP support, Based on their suggestions, I’ve done some tests, still no luck. Please see the mail I sent to HP support. Thanks and regards. Michael Li SWIFT | Security Infrastructure, Messaging Solutions Tel: +1 703 365 6136 www.swift.com <http://www.swift.com/> This e-mail and any attachments thereto may contain information which is confidential and/or proprietary and intended for the sole use of the recipient(s) named above. If you have received this e-mail in error, please immediately notify the sender and delete the mail. Thank you for your co-operation. SWIFT reserves the right to retain e-mail messages on its systems and, under circumstances permitted by applicable law, to monitor and intercept e-mail messages to and from its systems. From: LI Michael Sent: Wednesday, November 01, 2017 10:57 AM Subject: RE: [Sshpass-devel] sshpass at HPUX 11.31 Hi Fluyt, Thank you very much for your suggestions. I have done the various combinations, no luck. Please see the testing results below. Any suggestions? commented out results error message tusc file close( slavept ); close( masterpt ); Failed read_passphrase: can't open /dev/tty: No such device or address tusc.out_close_slavept_masterpt setsid(); close( slavept ); close( masterpt ); Failed debug2: input_userauth_info_req: num_prompts 1 Password: Abcd1234 debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64) Read from socket failed: Connection reset by peer tusc.out_setsid_close_slavept_masterpt setsid(); Success(*) debug2: input_userauth_info_req: num_prompts 1 Password: Abcd1234 debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64) … Wed Nov 1 13:47:41 GMT 2017 … debug1: Exit status 0 tusc.out_setsid setsid(); close( slavept ); Success(*) debug2: input_userauth_info_req: num_prompts 1 Password: Abcd1234 debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64) … Wed Nov 1 13:50:35 GMT 2017 … debug1: Exit status 0 tusc.out_setsid_close_slavept setsid(); close( masterpt ); Success(*) debug2: input_userauth_info_req: num_prompts 1 Password: Abcd1234 debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64) … Wed Nov 1 13:52:51 GMT 2017 … debug1: Exit status 0 tusc.out_setsid_close_masterpt Success(*) means that even though get the correct date back, I have to type password interactively, unable to exit the process in the end, it must be killed by using "kill" command. /tmp/mli/tusc.ksh "/tmp/sshpass/sshpass-1.06/sshpass -p Abcd1234 ssh -vvv nledfd02 date" $ cat /tmp/mli/tusc.ksh /usr/contrib/bin/tusc -a -e -k -E -f -F -h -l -n -p -r all -R -T -u -v -w all -o /tmp/tusc/tusc.out $1 For the tusc files, please see the attached sshpass_tusc.z_ip. C:\CShared\SSHLite\sshpass>unzip -l sshpass_tusc.zip Archive: sshpass_tusc.zip Length Date Time Name --------- ---------- ----- ---- 1458612 11/01/2017 09:20 tusc.out_close_slavept_masterpt 1498879 11/01/2017 09:47 tusc.out_setsid 1498255 11/01/2017 09:52 tusc.out_setsid_close_masterpt 1498549 11/01/2017 09:50 tusc.out_setsid_close_slavept 1450065 11/01/2017 09:44 tusc.out_setsid_close_slavept_masterpt --------- ------- Thanks and regards. Michael Li SWIFT | Security Infrastructure, Messaging Solutions Tel: +1 703 365 6136 www.swift.com <http://www.swift.com/> This e-mail and any attachments thereto may contain information which is confidential and/or proprietary and intended for the sole use of the recipient(s) named above. If you have received this e-mail in error, please immediately notify the sender and delete the mail. Thank you for your co-operation. SWIFT reserves the right to retain e-mail messages on its systems and, under circumstances permitted by applicable law, to monitor and intercept e-mail messages to and from its systems. From: Fluyt, Andre Sent: Wednesday, October 25, 2017 8:35 AM To: LI Michael Subject: RE: [Sshpass-devel] sshpass at HPUX 11.31 ----------------------------------------------------------------------------- This message originates from outside our organisation. Please be extra vigilant before you click on a link, open attachments or reply. ----------------------------------------------------------------------------- Hi Michael, Thanks. At least I can now see the exact same symptom as you observed. Reading the comment in the source, it looks like the developer has struggled getting the tty as controlling terminal working. There is a piece of source code that I don’t understand the logic of. ... int childpid=fork(); if( childpid==0 ) { // Child // Detach us from the current TTY setsid(); // This line makes the ptty our controlling tty. We do not otherwise need it open slavept=open(name, O_RDWR ); close( slavept ); close( masterpt ); .... This results in this tusc trace output : ... fork() ....................................................................................... = 13356 fork() .................................................... (returning as child ...) ......... = 13354 setpgrp3(2) .................................................................................. = 13356 open("/dev/pts/0", O_RDWR|O_NOCTTY, 024700) .................................................. = 6 open("/dev/pts/0", O_RDWR, 01210) ............................................................ = 6 sigprocmask(SIG_SETMASK, 0x7ffff0c0, NULL) ................................................... = 0 close(6) ..................................................................................... = 0 close(4) ..................................................................................... = 0.. Now, if we look at the documentation : The Controlling Terminal A terminal can belong to a process as its controlling terminal. Each process of a session that has a controlling terminal has the same controlling terminal. A terminal can be the controlling terminal for at most one session. The controlling terminal for a session is allocated by the session leader. If a session leader has no controlling terminal and opens a terminal device file that is not already associated with a session without using the O_NOCTTY option (see open(2), the terminal becomes the controlling terminal of the session and the controlling terminal’s foreground process group is set to the process group of the session leader. While a controlling terminal is associated with a session, the session leader is said to be the controlling process of the controlling terminal. The controlling terminal is inherited by a child process during a fork() (see fork(2)). A process relinquishes its controlling terminal if it creates a new session with setsid() or setpgrp() (see setsid(2) and setpgrp(2)), or when all file descriptors associated with the controlling terminal have been closed. When the controlling process terminates, the controlling terminal is disassociated from the current session, allowing it to be acquired by a new session leader. A SIGHUP signal is sent to all processes in the foreground process group of the controlling terminal. Subsequent access to the terminal by other processes in the earlier session can be denied (see Terminal Access Control) with attempts to access the terminal treated as if a modem disconnect had been sensed. So, the child does a ‘setsid()’ call which creates a new session and makes the child the session group leader, thereby relinquishing the controlling terminal. The developer states that the line : “slavept=open(name, O_RDWR );” should make the tty the controlling terminal for the child process. Ok, fair enough, but why does he then immediately close the slavept & masterpt ? See the yellow highlights in the documentation paragraph. What I would suggest is that you recompile without the closing of slavept & masterpt in the child process. See if that works. Also, I don’t understand why we need to detach from the TTY by doing setsid(). Another test could be to leave out the setsid() call. Normally a child process inherits the controlling terminal from its parent. Best regards. Andre Fluyt Technical Account Manager Customer Solution Center hpesm_pri_grn_pos_email_011116 From: Shachar Shemesh [mailto:sh...@sh...] Sent: Sunday, September 03, 2017 10:07 AM To: LI Michael Cc: SSHPass Development Subject: Re: [Sshpass-devel] sshpass at HPUX 11.31 ----------------------------------------------------------------------------- This message originates from outside our organisation. Please be extra vigilant before you click on a link, open attachments or reply. ----------------------------------------------------------------------------- On 02/09/17 00:39, LI Michael wrote: Hi Shemesh, Thank you very much for your reply. Please see the attached tusc output, tusc.out. I ran the command as follows : test1@host1234 [/home/test1] $/tmp/tusc/tusc.ksh "/tmp/sshpass/sshpass-1.06/sshpass -p Xyza1234 ssh -vvv host1234 date" root@host1234 [/tmp/tusc] # cat tusc.ksh /usr/contrib/bin/tusc -a -e -k -E -f -F -h -l -n -p -r all -R -T -u -v -w all -o /tmp/tusc/tusc.out $1 Thanks and regards. Michael Li Here's what I see in the traces you sent me: -u [/tmp/sshpass][14066]{3783827} fork() ................... (returning as child ...) ......... = 14064 {3783821} The child process is 14066. -u [/tmp/sshpass][14066]{3783827} setpgrp3(2) ................................................. [entry] -u [/tmp/sshpass][14066]{3783827} setpgrp3(2) ................................................. = 14066 Start a new session, disconnecting from the previous TTY -u [/tmp/sshpass][14066]{3783827} open(0x400132d0, O_RDWR, 01210) ............................. [entry] -u [/tmp/sshpass][14066]{3783827} open("/dev/pts/5", O_RDWR, 01210) ........................... = 6 Open /dev/pts/5 with the flags O_RDWR. According to Posix, at this point pts/5 is supposed to become the controlling terminal for the new process. This, obviously, does not happen. At this point I need to return the responsibility to this problem to you. As far as I can tell, the process is not behaving the way it should. I have no tools for investigating this any further than that. If you can find out why opening a TTY device does not turn it into the controlling TTY of the process, please do let me know, and I can work that into sshpass. Shachar |
From: Shachar S. <sh...@sh...> - 2017-11-04 18:29:12
|
Hello Michael, I think I understand now. The problem is that, on HPUX, closing all file descriptors for the controlling TTY disconnect the process. As far as I can tell, this is a HPUX idiosyncrasy, and is not defined in Posix or, for that matter, any other Unix whose man page I could lay my hand on. Due solely to my curiosity, I wonder whether it is possible to break, using Ctrl-C, the following (bourne shell) command line: $ sleep 20 >/dev/null 2>&1 </dev/null On Linux, pressing Ctrl-C aborts the sleep. Does it do so on HPUX? I'll try to get a patch out to you in the coming couple of days. Thanks, Shachar On 01/11/2017 17:10, LI Michael wrote: > Hi Shemesh, > > Thank you very much for your reply. > > I've forwarded your analysis to HP support, > > Based on their suggestions, I've done some tests, still no luck. > > Please see the mail I sent to HP support. > > Thanks and regards. > > Michael Li > > SWIFT | Security Infrastructure, Messaging Solutions > Tel: +1 703 365 6136 > www.swift.com [1] > > This e-mail and any attachments thereto may contain information which is confidential and/or proprietary and intended for the sole use of the recipient(s) named above. If you have received this e-mail in error, please immediately notify the sender and delete the mail. Thank you for your co-operation. SWIFT reserves the right to retain e-mail messages on its systems and, under circumstances permitted by applicable law, to monitor and intercept e-mail messages to and from its systems. > > FROM: LI Michael > SENT: Wednesday, November 01, 2017 10:57 AM > SUBJECT: RE: [Sshpass-devel] sshpass at HPUX 11.31 > > Hi Fluyt, > > Thank you very much for your suggestions. > > I have done the various combinations, no luck. > > Please see the testing results below. Any suggestions? > > COMMENTED OUT > > RESULTS > > ERROR MESSAGE > > TUSC FILE > > close( slavept ); > close( masterpt ); > > Failed > > read_passphrase: can't open /dev/tty: No such device or address > > tusc.out_close_slavept_masterpt > > setsid(); > close( slavept ); > close( masterpt ); > > Failed > > debug2: input_userauth_info_req: num_prompts 1 > Password: Abcd1234 > debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64) > Read from socket failed: Connection reset by peer > > tusc.out_setsid_close_slavept_masterpt > > setsid(); > > Success(*) > > debug2: input_userauth_info_req: num_prompts 1 > Password: Abcd1234 > debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64) > ... > Wed Nov 1 13:47:41 GMT 2017 > ... > debug1: Exit status 0 > > tusc.out_setsid > > setsid(); > close( slavept ); > > Success(*) > > debug2: input_userauth_info_req: num_prompts 1 > Password: Abcd1234 > debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64) > ... > Wed Nov 1 13:50:35 GMT 2017 > ... > debug1: Exit status 0 > > tusc.out_setsid_close_slavept > > setsid(); > close( masterpt ); > > Success(*) > > debug2: input_userauth_info_req: num_prompts 1 > Password: Abcd1234 > debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64) > ... > Wed Nov 1 13:52:51 GMT 2017 > ... > debug1: Exit status 0 > > tusc.out_setsid_close_masterpt > > Success(*) means that even though get the correct date back, I have to type password interactively, unable to exit the process in the end, it must be killed by using "kill" command. > > /tmp/mli/tusc.ksh "/tmp/sshpass/sshpass-1.06/sshpass -p Abcd1234 ssh -vvv nledfd02 date" > > $ cat /tmp/mli/tusc.ksh > > /usr/contrib/bin/tusc -a -e -k -E -f -F -h -l -n -p -r all -R -T -u -v -w all -o /tmp/tusc/tusc.out $1 > > For the tusc files, please see the attached sshpass_tusc.z_ip. > > _C:CSharedSSHLitesshpass>unzip -l sshpass_tusc.zip_ > > _Archive: sshpass_tusc.zip_ > > _ Length Date Time Name_ > > _--------- ---------- ----- ----_ > > _ 1458612 11/01/2017 09:20 tusc.out_close_slavept_masterpt_ > > _ 1498879 11/01/2017 09:47 tusc.out_setsid_ > > _ 1498255 11/01/2017 09:52 tusc.out_setsid_close_masterpt_ > > _ 1498549 11/01/2017 09:50 tusc.out_setsid_close_slavept_ > > _ 1450065 11/01/2017 09:44 tusc.out_setsid_close_slavept_masterpt_ > > _--------- -------_ > > Thanks and regards. > > Michael Li > > SWIFT | Security Infrastructure, Messaging Solutions > Tel: +1 703 365 6136 > www.swift.com [1] > > This e-mail and any attachments thereto may contain information which is confidential and/or proprietary and intended for the sole use of the recipient(s) named above. If you have received this e-mail in error, please immediately notify the sender and delete the mail. Thank you for your co-operation. SWIFT reserves the right to retain e-mail messages on its systems and, under circumstances permitted by applicable law, to monitor and intercept e-mail messages to and from its systems. > > FROM: Fluyt, Andre > SENT: Wednesday, October 25, 2017 8:35 AM > TO: LI Michael > > SUBJECT: RE: [Sshpass-devel] sshpass at HPUX 11.31 > > ----------------------------------------------------------------------------- > This message originates from outside our organisation. Please be > extra vigilant before you click on a link, open attachments or reply. > ----------------------------------------------------------------------------- > > Hi Michael, > > Thanks. At least I can now see the exact same symptom as you observed. > > Reading the comment in the source, it looks like the developer has struggled getting the tty as controlling terminal working. > > There is a piece of source code that I don't understand the logic of. > > _..._ > > _int childpid=fork();_ > > _ if( childpid==0 ) {_ > > _ // Child_ > > _ _ > > _ // Detach us from the current TTY_ > > _ setsid();_ > > _ // This line makes the ptty our controlling tty. We do not otherwise need it open_ > > _ slavept=open(name, O_RDWR );_ > > _ close( slavept );_ > > _ _ > > _ close( masterpt );_ > > _...._ > > _ _ > > _ _ > > This results in this tusc trace output : > > ... > > fork() ....................................................................................... = 13356 > > fork() .................................................... (returning as child ...) ......... = 13354 > > setpgrp3(2) .................................................................................. = 13356 > > open("/dev/pts/0", O_RDWR|O_NOCTTY, 024700) .................................................. = 6 > > open("/dev/pts/0", O_RDWR, 01210) ............................................................ = 6 > > sigprocmask(SIG_SETMASK, 0x7ffff0c0, NULL) ................................................... = 0 > > close(6) ..................................................................................... = 0 > > close(4) ..................................................................................... = 0.. > > Now, if we look at the documentation : > > The Controlling Terminal A terminal can belong to a process as its controlling terminal. Each process of a session that has a controlling terminal has the same controlling terminal. A terminal can be the controlling terminal for at most one session. The controlling terminal for a session is allocated by the session leader. If a session leader has no controlling terminal and opens a terminal device file that is not already associated with a session without using the O_NOCTTY option (see open(2), the terminal becomes the controlling terminal of the session and the controlling terminal's foreground process group is set to the process group of the session leader. While a controlling terminal is associated with a session, the session leader is said to be the controlling process of the controlling terminal. The controlling terminal is inherited by a child process during a fork() (see fork(2)). A process relinquishes its controlling terminal if it creates a new session with setsid() or setpgrp() (see setsid(2) and setpgrp(2)), or when all file descriptors associated with the controlling terminal have been closed. When the controlling process terminates, the controlling terminal is disassociated from the current session, allowing it to be acquired by a new session leader. A SIGHUP signal is sent to all processes in the foreground process group of the controlling terminal. Subsequent access to the terminal by other processes in the earlier session can be denied (see Terminal Access Control) with attempts to access the terminal treated as if a modem disconnect had been sensed. > > So, the child does a 'setsid()' call which creates a new session and makes the child the session group leader, thereby relinquishing the controlling terminal. > > The developer states that the line : "_slavept=open(name, O_RDWR );" _should make the tty the controlling terminal for the child process. > > Ok, fair enough, but why does he then immediately close the slavept & masterpt ? > > See the yellow highlights in the documentation paragraph. > > What I would suggest is that you recompile without the closing of slavept & masterpt in the child process. See if that works. > > Also, I don't understand why we need to detach from the TTY by doing setsid(). Another test could be to leave out the setsid() call. Normally a child process inherits the controlling terminal from its parent. > > Best regards. > > Andre Fluyt > Technical Account Manager > Customer Solution Center > > FROM: Shachar Shemesh [mailto:sh...@sh...] > SENT: Sunday, September 03, 2017 10:07 AM > TO: LI Michael > CC: SSHPass Development > SUBJECT: Re: [Sshpass-devel] sshpass at HPUX 11.31 > > ----------------------------------------------------------------------------- > This message originates from outside our organisation. Please be > extra vigilant before you click on a link, open attachments or reply. > ----------------------------------------------------------------------------- > > On 02/09/17 00:39, LI Michael wrote: > > Hi Shemesh, > > Thank you very much for your reply. > > Please see the attached tusc output, tusc.out. > > I ran the command as follows : > > _test1@host1234 [/home/test1] $/tmp/tusc/tusc.ksh "/tmp/sshpass/sshpass-1.06/sshpass -p Xyza1234 ssh -vvv host1234 date"_ > > _ _ > > _root@host1234 [/tmp/tusc]_ > > _# cat tusc.ksh_ > > _/usr/contrib/bin/tusc -a -e -k -E -f -F -h -l -n -p -r all -R -T -u -v -w all -o /tmp/tusc/tusc.out $1_ > > _ _ > > Thanks and regards. > > Michael Li > > Here's what I see in the traces you sent me: > > -u [/tmp/sshpass][14066]{3783827} fork() ................... (returning as child ...) ......... = 14064 {3783821} > > The child process is 14066. > > -u [/tmp/sshpass][14066]{3783827} setpgrp3(2) ................................................. [entry] > -u [/tmp/sshpass][14066]{3783827} setpgrp3(2) ................................................. = 14066 > > Start a new session, disconnecting from the previous TTY > > -u [/tmp/sshpass][14066]{3783827} open(0x400132d0, O_RDWR, 01210) ............................. [entry] > -u [/tmp/sshpass][14066]{3783827} open("/dev/pts/5", O_RDWR, 01210) ........................... = 6 > > Open /dev/pts/5 with the flags O_RDWR. According to Posix, at this point pts/5 is supposed to become the controlling terminal for the new process. This, obviously, does not happen. > > At this point I need to return the responsibility to this problem to you. As far as I can tell, the process is not behaving the way it should. I have no tools for investigating this any further than that. > > If you can find out why opening a TTY device does not turn it into the controlling TTY of the process, please do let me know, and I can work that into sshpass. > > Shachar Links: ------ [1] http://www.swift.com/ |
From: LI M. <Mic...@sw...> - 2017-11-06 14:43:40
Attachments:
smime.p7s
image001.png
|
Hi Shemesh, Thank you very much for your reply. I am greatly appreciated you will provide me a patch. I tried “sleep 20 >/dev/null 2>&1 </dev/null” on my HPUX box, pressing Ctrl-C cannot abort the sleep, but on my linux box, pressing Ctrl-C aborts the sleep. Thanks and regards. Michael Li SWIFT | Security Infrastructure, Messaging Solutions Tel: +1 703 365 6136 www.swift.com <http://www.swift.com/> This e-mail and any attachments thereto may contain information which is confidential and/or proprietary and intended for the sole use of the recipient(s) named above. If you have received this e-mail in error, please immediately notify the sender and delete the mail. Thank you for your co-operation. SWIFT reserves the right to retain e-mail messages on its systems and, under circumstances permitted by applicable law, to monitor and intercept e-mail messages to and from its systems. From: Shachar Shemesh [mailto:sh...@sh...] Sent: Saturday, November 04, 2017 2:10 PM To: LI Michael Cc: SSHPass Development Subject: Re: FW: [Sshpass-devel] sshpass at HPUX 11.31 ----------------------------------------------------------------------------- This message originates from outside our organisation. Please be extra vigilant before you click on a link, open attachments or reply. ----------------------------------------------------------------------------- Hello Michael, I think I understand now. The problem is that, on HPUX, closing all file descriptors for the controlling TTY disconnect the process. As far as I can tell, this is a HPUX idiosyncrasy, and is not defined in Posix or, for that matter, any other Unix whose man page I could lay my hand on. Due solely to my curiosity, I wonder whether it is possible to break, using Ctrl-C, the following (bourne shell) command line: $ sleep 20 >/dev/null 2>&1 </dev/null On Linux, pressing Ctrl-C aborts the sleep. Does it do so on HPUX? I'll try to get a patch out to you in the coming couple of days. Thanks, Shachar On 01/11/2017 17:10, LI Michael wrote: Hi Shemesh, Thank you very much for your reply. I've forwarded your analysis to HP support, Based on their suggestions, I've done some tests, still no luck. Please see the mail I sent to HP support. Thanks and regards. Michael Li SWIFT | Security Infrastructure, Messaging Solutions Tel: +1 703 365 6136 www.swift.com <http://www.swift.com/> This e-mail and any attachments thereto may contain information which is confidential and/or proprietary and intended for the sole use of the recipient(s) named above. If you have received this e-mail in error, please immediately notify the sender and delete the mail. Thank you for your co-operation. SWIFT reserves the right to retain e-mail messages on its systems and, under circumstances permitted by applicable law, to monitor and intercept e-mail messages to and from its systems. From: LI Michael Sent: Wednesday, November 01, 2017 10:57 AM Subject: RE: [Sshpass-devel] sshpass at HPUX 11.31 Hi Fluyt, Thank you very much for your suggestions. I have done the various combinations, no luck. Please see the testing results below. Any suggestions? commented out results error message tusc file close( slavept ); close( masterpt ); Failed read_passphrase: can't open /dev/tty: No such device or address tusc.out_close_slavept_masterpt setsid(); close( slavept ); close( masterpt ); Failed debug2: input_userauth_info_req: num_prompts 1 Password: Abcd1234 debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64) Read from socket failed: Connection reset by peer tusc.out_setsid_close_slavept_masterpt setsid(); Success(*) debug2: input_userauth_info_req: num_prompts 1 Password: Abcd1234 debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64) ... Wed Nov 1 13:47:41 GMT 2017 ... debug1: Exit status 0 tusc.out_setsid setsid(); close( slavept ); Success(*) debug2: input_userauth_info_req: num_prompts 1 Password: Abcd1234 debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64) ... Wed Nov 1 13:50:35 GMT 2017 ... debug1: Exit status 0 tusc.out_setsid_close_slavept setsid(); close( masterpt ); Success(*) debug2: input_userauth_info_req: num_prompts 1 Password: Abcd1234 debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64) ... Wed Nov 1 13:52:51 GMT 2017 ... debug1: Exit status 0 tusc.out_setsid_close_masterpt Success(*) means that even though get the correct date back, I have to type password interactively, unable to exit the process in the end, it must be killed by using "kill" command. /tmp/mli/tusc.ksh "/tmp/sshpass/sshpass-1.06/sshpass -p Abcd1234 ssh -vvv nledfd02 date" $ cat /tmp/mli/tusc.ksh /usr/contrib/bin/tusc -a -e -k -E -f -F -h -l -n -p -r all -R -T -u -v -w all -o /tmp/tusc/tusc.out $1 For the tusc files, please see the attached sshpass_tusc.z_ip. C:\CShared\SSHLite\sshpass>unzip -l sshpass_tusc.zip Archive: sshpass_tusc.zip Length Date Time Name --------- ---------- ----- ---- 1458612 11/01/2017 09:20 tusc.out_close_slavept_masterpt 1498879 11/01/2017 09:47 tusc.out_setsid 1498255 11/01/2017 09:52 tusc.out_setsid_close_masterpt 1498549 11/01/2017 09:50 tusc.out_setsid_close_slavept 1450065 11/01/2017 09:44 tusc.out_setsid_close_slavept_masterpt --------- ------- Thanks and regards. Michael Li SWIFT | Security Infrastructure, Messaging Solutions Tel: +1 703 365 6136 www.swift.com <http://www.swift.com/> This e-mail and any attachments thereto may contain information which is confidential and/or proprietary and intended for the sole use of the recipient(s) named above. If you have received this e-mail in error, please immediately notify the sender and delete the mail. Thank you for your co-operation. SWIFT reserves the right to retain e-mail messages on its systems and, under circumstances permitted by applicable law, to monitor and intercept e-mail messages to and from its systems. From: Fluyt, Andre Sent: Wednesday, October 25, 2017 8:35 AM To: LI Michael Subject: RE: [Sshpass-devel] sshpass at HPUX 11.31 ----------------------------------------------------------------------------- This message originates from outside our organisation. Please be extra vigilant before you click on a link, open attachments or reply. ----------------------------------------------------------------------------- Hi Michael, Thanks. At least I can now see the exact same symptom as you observed. Reading the comment in the source, it looks like the developer has struggled getting the tty as controlling terminal working. There is a piece of source code that I don't understand the logic of. ... int childpid=fork(); if( childpid==0 ) { // Child // Detach us from the current TTY setsid(); // This line makes the ptty our controlling tty. We do not otherwise need it open slavept=open(name, O_RDWR ); close( slavept ); close( masterpt ); .... This results in this tusc trace output : ... fork() ....................................................................................... = 13356 fork() .................................................... (returning as child ...) ......... = 13354 setpgrp3(2) .................................................................................. = 13356 open("/dev/pts/0", O_RDWR|O_NOCTTY, 024700) .................................................. = 6 open("/dev/pts/0", O_RDWR, 01210) ............................................................ = 6 sigprocmask(SIG_SETMASK, 0x7ffff0c0, NULL) ................................................... = 0 close(6) ..................................................................................... = 0 close(4) ..................................................................................... = 0.. Now, if we look at the documentation : The Controlling Terminal A terminal can belong to a process as its controlling terminal. Each process of a session that has a controlling terminal has the same controlling terminal. A terminal can be the controlling terminal for at most one session. The controlling terminal for a session is allocated by the session leader. If a session leader has no controlling terminal and opens a terminal device file that is not already associated with a session without using the O_NOCTTY option (see open(2), the terminal becomes the controlling terminal of the session and the controlling terminal's foreground process group is set to the process group of the session leader. While a controlling terminal is associated with a session, the session leader is said to be the controlling process of the controlling terminal. The controlling terminal is inherited by a child process during a fork() (see fork(2)). A process relinquishes its controlling terminal if it creates a new session with setsid() or setpgrp() (see setsid(2) and setpgrp(2)), or when all file descriptors associated with the controlling terminal have been closed. When the controlling process terminates, the controlling terminal is disassociated from the current session, allowing it to be acquired by a new session leader. A SIGHUP signal is sent to all processes in the foreground process group of the controlling terminal. Subsequent access to the terminal by other processes in the earlier session can be denied (see Terminal Access Control) with attempts to access the terminal treated as if a modem disconnect had been sensed. So, the child does a 'setsid()' call which creates a new session and makes the child the session group leader, thereby relinquishing the controlling terminal. The developer states that the line : "slavept=open(name, O_RDWR );" should make the tty the controlling terminal for the child process. Ok, fair enough, but why does he then immediately close the slavept & masterpt ? See the yellow highlights in the documentation paragraph. What I would suggest is that you recompile without the closing of slavept & masterpt in the child process. See if that works. Also, I don't understand why we need to detach from the TTY by doing setsid(). Another test could be to leave out the setsid() call. Normally a child process inherits the controlling terminal from its parent. Best regards. Andre Fluyt Technical Account Manager Customer Solution Center hpesm_pri_grn_pos_email_011116 From: Shachar Shemesh [mailto:sh...@sh...] Sent: Sunday, September 03, 2017 10:07 AM To: LI Michael Cc: SSHPass Development Subject: Re: [Sshpass-devel] sshpass at HPUX 11.31 ----------------------------------------------------------------------------- This message originates from outside our organisation. Please be extra vigilant before you click on a link, open attachments or reply. ----------------------------------------------------------------------------- On 02/09/17 00:39, LI Michael wrote: Hi Shemesh, Thank you very much for your reply. Please see the attached tusc output, tusc.out. I ran the command as follows : test1@host1234 [/home/test1] $/tmp/tusc/tusc.ksh "/tmp/sshpass/sshpass-1.06/sshpass -p Xyza1234 ssh -vvv host1234 date" root@host1234 [/tmp/tusc] # cat tusc.ksh /usr/contrib/bin/tusc -a -e -k -E -f -F -h -l -n -p -r all -R -T -u -v -w all -o /tmp/tusc/tusc.out $1 Thanks and regards. Michael Li Here's what I see in the traces you sent me: -u [/tmp/sshpass][14066]{3783827} fork() ................... (returning as child ...) ......... = 14064 {3783821} The child process is 14066. -u [/tmp/sshpass][14066]{3783827} setpgrp3(2) ................................................. [entry] -u [/tmp/sshpass][14066]{3783827} setpgrp3(2) ................................................. = 14066 Start a new session, disconnecting from the previous TTY -u [/tmp/sshpass][14066]{3783827} open(0x400132d0, O_RDWR, 01210) ............................. [entry] -u [/tmp/sshpass][14066]{3783827} open("/dev/pts/5", O_RDWR, 01210) ........................... = 6 Open /dev/pts/5 with the flags O_RDWR. According to Posix, at this point pts/5 is supposed to become the controlling terminal for the new process. This, obviously, does not happen. At this point I need to return the responsibility to this problem to you. As far as I can tell, the process is not behaving the way it should. I have no tools for investigating this any further than that. If you can find out why opening a TTY device does not turn it into the controlling TTY of the process, please do let me know, and I can work that into sshpass. Shachar |
From: Shachar S. <sh...@sh...> - 2017-11-11 15:24:05
Attachments:
hpux.patch
|
On 06/11/17 16:43, LI Michael via Sshpass-devel wrote: > > Hi Shemesh, > > Thank you very much for your reply. > > I am greatly appreciated you will provide me a patch. > > > > I tried “sleep 20 >/dev/null 2>&1 </dev/null” on my HPUX box, > pressing Ctrl-C cannot abort the sleep, but on my linux box, pressing > Ctrl-C aborts the sleep. > > > > Thanks and regards. > > Michael Li > > > > SWIFT | Security Infrastructure, Messaging Solutions > Tel: +1 703 365 6136 > www.swift.com <http://www.swift.com/> > Hi, Can you please test the attached patch and see if it solves your problem? Also, please run the program below and let me know what it prints: #include <stdio.h> int main() { #ifdef hpux printf("HPUX\n"); #else printf("Not HPUX\n"); #endif return 0; } Thanks, Shachar |
From: LI M. <Mic...@sw...> - 2017-11-13 16:31:47
Attachments:
smime.p7s
|
Hi Shemesh, I’ve tested the new patch, it still does not work, got the same error message : $ /tmp/sshpass/sshpass-1.06/sshpass -p Abcd1234 ssh -vvv nledfd02 date OpenSSH_6.2p1+sftpfilecontrol-v1.3-hpn13v12, OpenSSL 0.9.8y 5 Feb 2013 HP-UX Secure Shell-A.06.20.006, HP-UX Secure Shell version debug3: RNG is ready, skipping seeding …… debug2: input_userauth_info_req: num_prompts 1 debug1: read_passphrase: can't open /dev/tty: No such device or address debug3: packet_send2: adding 32 (len 14 padlen 18 extra_pad 64) debug1: Authentications that can continue: publickey,password,keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 1 debug1: read_passphrase: can't open /dev/tty: No such device or address debug3: packet_send2: adding 32 (len 14 padlen 18 extra_pad 64) debug1: Authentications that can continue: publickey,password,keyboard-interactive debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: debug3: authmethod_is_enabled password debug1: Next authentication method: password debug1: read_passphrase: can't open /dev/tty: No such device or address debug3: packet_send2: adding 64 (len 50 padlen 14 extra_pad 64) debug2: we sent a password packet, wait for reply Received disconnect from 10.8.65.51: 2: Too many authentication failures for test1 You can use “__hpux” to distinguish HPUX and others, see below : #include <stdio.h> int main() { #ifdef hpux printf("HPUX\n"); #else printf("Not HPUX\n"); #endif return 0; } # cc -c t.c; cc -o t t.o # ./t Not HPUX #include <stdio.h> int main() { #ifdef __hpux printf("HPUX\n"); #else printf("Not HPUX\n"); #endif return 0; } # cc -c t.c; cc -o t t.o # ./t HPUX # Thanks and regards. Michael Li SWIFT | Security Infrastructure, Messaging Solutions Tel: +1 703 365 6136 www.swift.com <http://www.swift.com/> This e-mail and any attachments thereto may contain information which is confidential and/or proprietary and intended for the sole use of the recipient(s) named above. If you have received this e-mail in error, please immediately notify the sender and delete the mail. Thank you for your co-operation. SWIFT reserves the right to retain e-mail messages on its systems and, under circumstances permitted by applicable law, to monitor and intercept e-mail messages to and from its systems. From: Shachar Shemesh [mailto:sh...@sh...] Sent: Saturday, November 11, 2017 10:24 AM To: LI Michael Cc: SSHPass Development Subject: Re: [Sshpass-devel] FW: sshpass at HPUX 11.31 ----------------------------------------------------------------------------- This message originates from outside our organisation. Please be extra vigilant before you click on a link, open attachments or reply. ----------------------------------------------------------------------------- On 06/11/17 16:43, LI Michael via Sshpass-devel wrote: Hi Shemesh, Thank you very much for your reply. I am greatly appreciated you will provide me a patch. I tried “sleep 20 >/dev/null 2>&1 </dev/null” on my HPUX box, pressing Ctrl-C cannot abort the sleep, but on my linux box, pressing Ctrl-C aborts the sleep. Thanks and regards. Michael Li SWIFT | Security Infrastructure, Messaging Solutions Tel: +1 703 365 6136 www.swift.com <http://www.swift.com/> Hi, Can you please test the attached patch and see if it solves your problem? Also, please run the program below and let me know what it prints: #include <stdio.h> int main() { #ifdef hpux printf("HPUX\n"); #else printf("Not HPUX\n"); #endif return 0; } Thanks, Shachar |
From: Shachar S. <sh...@sh...> - 2017-11-18 07:51:42
|
On 13/11/2017 18:31, LI Michael via Sshpass-devel wrote: > Hi Shemesh, > > I've tested the new patch, it still does not work, got the same error message : Can you run with truss again? Make sure it traces both sshpass and the actual ssh process (i.e. - it follows child processes) Something diverts off script here, and I need to understand what. Shachar |