[ale] ssh question [solved]

Michael H. Warfield mhw at WittsEnd.com
Thu May 10 11:04:28 EDT 2012 

On Thu, 2012-05-10 at 10:05 -0400, Matthew wrote:
> http://simontekhacks.blogspot.com/2009/04/yeah-more-notes.html#links

> I wrote a how-to on ssh keys. comes in handy. 

I've done whole papers and presentations on "Securing the Secure Shell"
which included keys and key management and key auth forwarding.  Keys
are most certainly the way to go.

His problem was not related to keys vs passwords, though.  His USE of
passwords was foolish, to be kind and say it nicely, but it wasn't the
source or cause of his hang condition.  Two separate issues, one of
which he solved for himself (the hang) and one he didn't address.

Regards,
Mike
 
> On Thu, May 10, 2012 at 9:40 AM, Michael H. Warfield
> <mhw at wittsend.com> wrote:
>         On Thu, 2012-05-10 at 08:27 -0400, Edward Holcroft wrote:
>         > This is what worked:
>         
>         > $ sshpass -p '1qazxsw2' ssh -o StrictHostKeyChecking=no -t
>         > root at 192.168.50.87 "/etc/init.d/asterisk restart; sleep 5;
>         exit"
>         
>         
>         The problem you've run into is an old one that been known and
>         discussed
>         for a long time.  What happens is that sshd will not exit
>         until all the
>         fds are closed, not just that the child has exited.  This is
>         intended to
>         insure that any buffered IO has been passed back to the client
>         before
>         terminating the server end.  What has happened is that your
>         "asterisk
>         restart" process has forked off a daemon (asterisk service)
>         that has not
>         closed stdout and stderr so sshd hangs around even though the
>         script is
>         done.  By running the commands the way you did in your
>         "solution", you
>         run an extra shell to handle the chain of commands with an
>         explicit
>         exit.  There are several different ways of handling it, all
>         with their
>         pluses and minuses.
>         
>         The behavior was discussed over on the OpenSSH forums quite
>         some time
>         ago and debate invariable boils down to the conclusion -
>         "works by
>         design - not a bug - will not fix".  They blame it on the
>         daemon
>         processes which did not close out their stdout and stderr fds
>         when they
>         forked off the daemon process.
>         
>         Regards,
>         Mike
>         
>         > On Thu, May 10, 2012 at 7:59 AM, Edward Holcroft
>         <eholcroft at mkainc.com>wrote:
>         >
>         > > Morning all
>         > >
>         > > I need to run a command on an internal server that will
>         restart a given
>         > > service, in this case asterisk, without user intervention.
>         I using this:
>         > >
>         
>         > > sshpass -p '1qazxsw2' ssh -o StrictHostKeyChecking=no
>         root at 192.168.50.87/etc/init.d/asterisk restart
>         > >
>         > > The problem is this command never logs out:
>         > >
>         > > Stopping safe_asterisk: [  OK  ]
>         > > Shutting down asterisk: [  OK  ]
>         > > Starting asterisk: [  OK  ]
>         > >
>         > > .... and there it sits, until I manually close it
>         > >
>         > > I also tried using -t with the ssh command, which closes
>         the session, but
>         > > without restarting the service, even though it says it
>         did:
>         > >
>         > > $ sshpass -p '1qazxsw2' ssh -o StrictHostKeyChecking=no -t
>         > > root at 192.168.50.87 "/etc/init.d/asterisk restart"
>         > > Stopping safe_asterisk:
>          [FAILED]
>         > > Shutting down asterisk:
>          [FAILED]
>         > > Starting asterisk:
>         [  OK  ]
>         > > Connection to 192.168.50.87 closed.
>         > >
>         > > I found this article:
>         > >
>         > > http://www.snailbook.com/faq/background-jobs.auto.html
>         > >
>         > > And tried:
>         > >
>         
>         > > $ sshpass -p '1qazxsw2' ssh -o StrictHostKeyChecking=no
>         root at 192.168.50.87/etc/init.d/asterisk restart < /dev/null
>         > >
>         > > which also does not close.
>         > >
>         > > Any ideas on how I can get this to run the way I want it
>         to?
>         > >
>         > > ed
>         > > --
>         > > Edward Holcroft
>         > > Madsen Kneppers & Associates Inc.
>         > > 3020 Holcomb Bridge Rd. NW
>         > > Norcross, GA
>         > > 30071
>         > > Tel (770) 446-9606
>         > > GoogleVoice (678) 587-8649
>         > >
>         > > WARNING/CONFIDENTIALITY NOTICE:This message may be
>         confidential and/or
>         > > privileged. If you are not the intended recipient, please
>         notify the sender
>         > > immediately then delete it - you should not copy or use it
>         for any purpose
>         > > or disclose its content to any other person. Internet
>         communications are
>         > > not secure. You should scan this message and any
>         attachments for viruses.
>         > > Any unauthorized use or interception of this e-mail is
>         illegal.
>         > >
>         >
>         >
>         >
>         > --
>         > Edward Holcroft
>         > Madsen Kneppers & Associates Inc.
>         > 3020 Holcomb Bridge Rd. NW
>         > Norcross, GA
>         > 30071
>         > Tel (770) 446-9606
>         > GoogleVoice (678) 587-8649
>         >
>         > WARNING/CONFIDENTIALITY NOTICE:This message may be
>         confidential and/or
>         > privileged. If you are not the intended recipient, please
>         notify the sender
>         > immediately then delete it - you should not copy or use it
>         for any purpose
>         > or disclose its content to any other person. Internet
>         communications are
>         > not secure. You should scan this message and any attachments
>         for viruses.
>         > Any unauthorized use or interception of this e-mail is
>         illegal.
>         >
>         
>         > _______________________________________________
>         > Ale mailing list
>         > Ale at ale.org
>         > http://mail.ale.org/mailman/listinfo/ale
>         > See JOBS, ANNOUNCE and SCHOOLS lists at
>         > http://mail.ale.org/mailman/listinfo
>         
>         
>         --
>         Michael H. Warfield (AI4NB) | (770) 985-6132 |
>          mhw at WittsEnd.com
>           /\/\|=mhw=|\/\/          | (678) 463-0932 |
>          http://www.wittsend.com/mhw/
>           NIC whois: MHW9          | An optimist believes we live in
>         the best of all
>          PGP Key: 0x674627FF        | possible worlds.  A pessimist is
>         sure of it!
>         
>         _______________________________________________
>         Ale mailing list
>         Ale at ale.org
>         http://mail.ale.org/mailman/listinfo/ale
>         See JOBS, ANNOUNCE and SCHOOLS lists at
>         http://mail.ale.org/mailman/listinfo
>         
> 
> 
> 
> -- 
> SimonTek
> 912-398-6704
> 
> 
> -- 
> This message has been scanned for viruses and 
> dangerous content by MailScanner, and is 
> believed to be clean.

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20120510/333e1bf1/attachment.bin

More information about the Ale mailing list