Bug 238

Summary: sshd.pid file written AFTER key generation causes race condition
Product: Portable OpenSSH Reporter: Jay Libove <libove>
Component: sshdAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED WONTFIX    
Severity: enhancement    
Priority: P5    
Version: -current   
Hardware: All   
OS: All   

Description Jay Libove 2002-05-09 23:55:02 AEST 
The SSH Daemon writes its sshd.pid file only after it generates its ephemeral 
server key. This makes the amount of time between starting the daemon and the 
creation / update of the sshd.pid file variable, and can cause a race condition 
with e.g. /sbin/init.d scripts which start the daemon and then want to check to 
see that the start was successful.
Please move the sshd.pid create/update to happen before the generation of the 
ephemeral server key, so that the new SSH Daemon pid is written to the sshd.pid 
file very shortly after the process starts executing.
Thanks.
Comment 1 Damien Miller 2003-01-07 17:59:57 AEDT 
What if the ephemeral key generation fails (e.g. not enough entropy, etc)
Comment 2 Jay Libove 2003-01-07 23:31:16 AEDT 
There always exists the possibility that something will cause a daemon to fail 
to complete its startup, or to fail after it has started successfully.
This seems to boil down to the question: is it more important to ensure that 
every service starts successfully, or is it more important to get the system up 
and running so that other services can be offered?
I am uncertain how I feel about this question regarding SSH. SSH is a critical 
system service from an administrative point of view, and for systems which have 
interactive users other than administrators. For systems which provide 
application services but do not have users logging in directly, SSH is not 
critical.
Generally, I think I have seen a preference to daemons starting up as 
asynchronously as possible during system boot.
Also, if key generation fails due to lack of entropy, it indicates either a 
misconfiguration or a rare problem on that particular server. The current state 
(write .pid file after key generation) creates a problem for many more systems.
So, I still prefer to have the .pid file written before key generation rather 
than after.
Thanks for considering the request. Which way will you go with it?
Comment 3 Damien Miller 2003-05-17 09:44:57 AEST 
I don't think we will change the default behaviour. I think it better that we
record a pid only after the daemon is fully started up, to do otherwise would be
misleading.
Comment 4 Damien Miller 2004-04-14 12:24:18 AEST 
Mass change of RESOLVED bugs to CLOSED