Bug 2936

Summary: ssh tries to use empty $SSH_AUTH_SOCK
Product: Portable OpenSSH Reporter: Pierre Ossman <ossman>
Component: sshAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: enhancement CC: ahmedsayeed1982, djm, jjelen
Priority: P5    
Version: 7.9p1   
Hardware: Other   
OS: Linux   
Bug Depends on:    
Bug Blocks: 2915    

Description Pierre Ossman 2018-11-29 23:50:37 AEDT 
If you do this:

> $ SSH_AUTH_SOCK= ssh foo@bar

Then ssh will try to connect to an agent at address "\0\0\0\0....", which is a perfectly legal abstract socket address on Linux.

This was discovered by the fact that irqbalance 1.5.0 happens to listen to that address:

https://github.com/Irqbalance/irqbalance/issues/85

The end result is that ssh hangs as it tries to talk to irqbalance, believing it is an SSH agent.


This is a very confusing behaviour and I would have expected an empty $SSH_AUTH_SOCK to be treated the same as if it was not set at all.
Comment 1 Jakub Jelen 2018-11-30 01:10:29 AEDT 
The following patch should take care of this:

diff --git a/authfd.c b/authfd.c
index ecdd869a..972f1b5f 100644
--- a/authfd.c
+++ b/authfd.c
@@ -94,7 +94,7 @@ ssh_get_authentication_socket(int *fdp)
 		*fdp = -1;
 
 	authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
-	if (!authsocket)
+	if (!authsocket || authsocket[0] == '\0')
 		return SSH_ERR_AGENT_NOT_PRESENT;
 
 	memset(&sunaddr, 0, sizeof(sunaddr));
Comment 2 Damien Miller 2018-12-07 13:11:32 AEDT 
Fix committed - this will be in OpenSSH 8.0
Comment 3 Damien Miller 2021-04-23 15:09:59 AEST 
closing resolved bugs as of 8.6p1 release
Comment 4 Ahmed Sayeed 2021-10-14 01:41:59 AEDT 
[spam removed]