Bug 2918

Summary: ssh ConnectTimeout is obeyed only on 1st ConnectionAttempt
Product: Portable OpenSSH
Reporter: Vide <vide>
Component: ssh
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED
Severity: normal
CC: djm, dtucker, jik
Priority: P5    
Version: 7.6p1   
Hardware: amd64   
OS: Linux   
Bug Depends on:    
Bug Blocks: 2915    
Attachments:
Description: Save initial timeout and reused for 2nd and subsequent connection attempts
Flags: none

Description Vide 2018-10-16 21:41:04 AEDT
Setting the SSH option ConnectTimeout=N only works on the first of the ConnectionAttempts. So, if you set ConnectionAttempts=2 for example, it will time out after N seconds on the first attempt and wait the full, default TCP timeout on the second attempt.

Example of the error:

$ time ssh -vvvv -o ConnectTimeout=2 -o ConnectionAttempts=2 -o StrictHostKeyChecking=false -o UserKnownHostsFile=/dev/null 1.2.3.4
OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /home/vide/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "1.2.3.4" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: connect to address 1.2.3.4 port 22: Connection timed out
debug1: Trying again...
debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
debug1: connect to address 1.2.3.4 port 22: Connection timed out
ssh: connect to host 1.2.3.4 port 22: Connection timed out

real 2m13,670s
user 0m0,012s
sys 0m0,018s

This seems to be a regression from OpenSSH 7.5, where it works as expected. OpenSSH 7.8 seems affected as well.
The first timeout happens after 2 seconds, the second after ~2 minutes.
Comment 1 Darren Tucker 2019-02-01 14:27:33 AEDT
Comparing sshconnect.c between the two versions, I think I see what happened: 7.6 added waitrfd(), which writes the remaining timeout back to timeoutp.  After the 1st timeout, this does not get reset on the 2nd and subsequent connection attempts, and a timeout of 0 means "no timeout".
Comment 2 Darren Tucker 2019-02-01 14:31:56 AEDT
Created attachment 3233 [details]
Save initial timeout and reused for 2nd and subsequent connection attempts
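
The failure mode from comment 1 and the approach named in the attachment title, modelled as an added example that is not part of the original bug thread and is not the OpenSSH code or the attached patch. Apart from `timeoutp`, all names are hypothetical, the connect is simulated rather than real, and `TCP_DEFAULT_MS` is an assumed stand-in for the kernel's own connect timeout.

```c
#include <stdio.h>

#define TCP_DEFAULT_MS 130000	/* assumed value for the OS default connect timeout */

/* Simulated connect to a host that never answers. As described for
 * waitrfd() in comment 1, the remaining time is written back through
 * timeoutp. Returns how many milliseconds this attempt blocked. */
static int sim_connect(int *timeoutp)
{
	int waited;

	if (*timeoutp <= 0)		/* 0 means "no timeout": wait for TCP to give up */
		return TCP_DEFAULT_MS;
	waited = *timeoutp;		/* no reply, so the whole budget is consumed */
	*timeoutp -= waited;		/* remaining time written back: now 0 */
	return waited;
}

/* Regressed behaviour: one timeout variable shared by every attempt, so
 * the second attempt sees 0 and runs with no timeout at all. */
int total_wait_buggy(int connect_timeout_ms, int attempts)
{
	int timeout_ms = connect_timeout_ms, total = 0, i;

	for (i = 0; i < attempts; i++)
		total += sim_connect(&timeout_ms);
	return total;
}

/* Fixed behaviour: save the initial timeout and reuse it for each attempt. */
int total_wait_fixed(int connect_timeout_ms, int attempts)
{
	int saved_ms = connect_timeout_ms, total = 0, i;

	for (i = 0; i < attempts; i++) {
		int timeout_ms = saved_ms;	/* fresh budget for every attempt */
		total += sim_connect(&timeout_ms);
	}
	return total;
}

int main(void)
{
	/* ConnectTimeout=2, ConnectionAttempts=2, as in the report */
	printf("buggy: %d ms\n", total_wait_buggy(2000, 2));
	printf("fixed: %d ms\n", total_wait_fixed(2000, 2));
	return 0;
}
```

The model counts only time spent blocked in the connect call, not any pause between attempts.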
Comment 3 Darren Tucker 2019-02-01 14:39:30 AEDT
Test case with patch:
$ time ssh/obj/ssh -vvv -o ConnectTimeout=2 -o ConnectionAttempts=2 -o StrictHostKeyChecking=false -o UserKnownHostsFile=/dev/null 1.2.3.4
[...]
debug2: ssh_connect_direct
debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: connect to address 1.2.3.4 port 22: Operation timed out
debug1: Trying again...
debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: connect to address 1.2.3.4 port 22: Operation timed out
ssh: connect to host 1.2.3.4 port 22: Operation timed out

real    0m5.077s
user    0m0.010s
sys     0m0.030s
Comment 4 Darren Tucker 2019-02-01 14:56:33 AEDT
Patch has been applied and will be in the 8.0 release. Thanks for the report and especially for specifying exactly the versions where it changed.
Comment 5 Damien Miller 2019-05-03 14:42:34 AEST
Move resolved bugs -> CLOSED after 8.0 release
Comment 6 Damien Miller 2019-09-06 12:51:00 AEST
*** Bug 3066 has been marked as a duplicate of this bug. ***