Re: Practical forwarding problem

To: der Mouse <mouse%Rodents.Montreal.QC.CA@localhost>
Subject: Re: Practical forwarding problem
From: nisse%lysator.liu.se@localhost (Niels Möller)
Date: 23 Sep 2005 13:34:41 +0200

der Mouse <mouse%Rodents.Montreal.QC.CA@localhost> writes:

> I'm writing the list because I'd be interested to hear if anyone else
> has dealt with the same problem, and if so how, and also interested in
> any thoughts anyone may have on it.

I have a couple of comments:

You say it's dubious to have the terminal emulator background itself.
I agree. Don't do that; if you want to have your local shell prompt
back, you should background the *local* ssh client, not the remote
terminal emulator. Some clients have a command line option "background
process after initial handshake and user authentication is complete".

> - Terminal emulator starts (opening an X connection) and backgrounds
>    itself (which looks like dying, to the server).
> - Server notices command death and sends EOF and CLOSE on A.

The server should merely generate a CHANNEL_REQUEST "exit-status" on
process death, not CHANNEL_EOF or CHANNEL_CLOSE here. (The correct
close logic is somewhat hairy, but it's not really central to what you
are asking about).

> - Server tears down forwardings for A, 'cause the channel's closed.

Whenever the session channel is closed, it makes sense to tear down
the forwardings (i.e. let existing forwarded channels live on, but
don't allow opening of any new ones, and close any related listening
sockets, etc).

> - Something running under the terminal emulator does something which
>    wants agent access, or which wants a new X connection, but the
>    forwarding is now gone!

If the session channel is dead, I think this is the correct behaviour.
Even if the server keeps its side of the forwarding open, it would
make sense for the client side to refuse to open new forwarded
channels for a closed sesssion. (And here we get into the connection
sharing issues; the client has some difficulty in handling the request
properly, since it's hard to identify a CHANNEL_OPEN request with the
session for which the corresponding forwarding was set up, in
particular if that session is dead, closed and deallocated.)

Regards,
/Niels

References:
- Practical forwarding problem
  - From: der Mouse

Prev by Date: Re: Practical forwarding problem
Next by Date: [Scott Hollenbeck] DISCUSS: draft-ietf-secsh-publickeyfile-09.txt
Previous by Thread: Re: Practical forwarding problem
Next by Thread: Re: Practical forwarding problem
Indexes:

Home | Main Index | Thread Index | Old Index