Bug 2837 - ssh-agent closes listening socket on error in handle_socket_read()
Summary: ssh-agent closes listening socket on error in handle_socket_read()
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh-agent
Version: 7.6p1
Hardware: All All
Importance: P5 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_7_8
Reported: 2018-03-06 19:24 AEDT by Lukas Kuster
Modified: 2018-10-19 17:17 AEDT

Attachments
patch that removes close_socket() of listening socket. (645 bytes, text/plain)
2018-03-06 19:24 AEDT, Lukas Kuster

Description Lukas Kuster 2018-03-06 19:24:50 AEDT
Created attachment 3132
patch that removes close_socket() of listening socket.

Hi all,

The ssh-agent closes the listening socket if handle_socket_read() fails for any reason. This makes the agent process unusable if the getpeereid check fails. Older versions before 7.6p1 used to not close the listening socket.

You can reproduce this bug by executing agent-getpeereid.sh test but instead of killing the agent process at the end, execute "ssh-add -l" again with a privileged user. You will notice that the connection will be refused because the listening socket was closed by the agent.

On our AIX test server we had a more severe issue because of this bug. The ssh client tries to check if an ssh-agent is present by connecting to it and immediately closing the socket again. On the agent side, this can cause the call to getpeereid() to fail with the error message "Connection closed" causing the listening socket to be closed as well, making any future connections to the agent process impossible.

Thanks
Comment 1 Damien Miller 2018-04-06 13:40:06 AEST
oops - well spotted. I'll take a look.
Comment 2 Damien Miller 2018-04-13 13:45:30 AEST
This has been committed on the master and V_7_7 branches. Thanks!

commit 260ede2787fe80b18b8d5920455b4fb268519c7d
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Apr 9 23:54:49 2018 +0000

    upstream: don't kill ssh-agent's listening socket entirely if we
    
    fail to accept a connection; bz#2837, patch from Lukas Kuster
    
    OpenBSD-Commit-ID: 52413f5069179bebf30d38f524afe1a2133c738f
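
The failure mode described in this report, reduced to a stand-alone model (an added example, not code from ssh-agent or from the attached patch): a rejected connection either takes the listening socket down with it or closes only the accepted descriptor. `peer_check`, `handle_accept`, `try_connect`, `agent_survives` and the `/tmp/agent-demo.<pid>` path are hypothetical names; `peer_check` stands in for the getpeereid check and is forced to fail.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical stand-in for the agent's getpeereid()/uid check; fails on demand. */
static int peer_check(int fd, int force_fail) { (void)fd; return force_fail ? -1 : 0; }

/* Accept one connection; on failure close only the accepted fd, never lfd. */
static int handle_accept(int lfd, int force_fail) {
    int fd = accept(lfd, NULL, NULL);
    if (fd < 0) return -1;
    if (peer_check(fd, force_fail) != 0) { close(fd); return -1; }
    close(fd);                      /* a real agent would keep fd and serve it */
    return 0;
}

/* Client that connects and closes at once, like the presence probe in the report. */
static int try_connect(const struct sockaddr_un *sa) {
    int c = socket(AF_UNIX, SOCK_STREAM, 0);
    if (c < 0) return -1;
    int r = connect(c, (const struct sockaddr *)sa, sizeof(*sa));
    close(c);
    return r;
}

/* Returns 1 if a second client can still connect after one rejected peer, 0 if not. */
int agent_survives(int close_listener_on_error) {
    struct sockaddr_un sa;
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    snprintf(sa.sun_path, sizeof(sa.sun_path), "/tmp/agent-demo.%ld", (long)getpid());
    unlink(sa.sun_path);
    int lfd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (lfd < 0) return -1;
    if (bind(lfd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(lfd, 8) < 0 ||
        try_connect(&sa) != 0) { close(lfd); unlink(sa.sun_path); return -1; }
    if (handle_accept(lfd, 1) != 0 && close_listener_on_error) {
        close(lfd);                 /* behaviour described in the report */
        lfd = -1;
    }
    int ok = (try_connect(&sa) == 0);   /* refused once the listener is gone */
    if (lfd >= 0) close(lfd);
    unlink(sa.sun_path);
    return ok;
}

int main(void) {
    printf("close listener: %d, keep listener: %d\n", agent_survives(1), agent_survives(0));
    return 0;
}
```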
Comment 3 Damien Miller 2018-10-19 17:17:27 AEDT
Close RESOLVED bugs with the release of openssh-8.0