Bug 3456 - provide a way to have forwardings killed, when the remote command/shell finishes
Summary: provide a way to have forwardings killed, when the remote command/shell finishes
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: 9.0p1
Hardware: Other All
: P5 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-07-06 07:34 AEST by Christoph Anton Mitterer
Modified: 2023-02-10 15:44 AEDT (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christoph Anton Mitterer 2022-07-06 07:34:39 AEST 
Hey.

When having a ssh connection, that sets up some forwardings (I tried with LocalForward) and that executes a remote command (but I guess it's the same when having not remote command but logging in interactively)... the ssh connection is kept open as long as its forwarding is still used by some connection, even when the remote command/shell has finished.

AFAIU, that’s intentional behaviour and indeed it makes quite some sense for many cases.

But I think there may be other use cases, when any forwardings shall be killed once the remote command/shell has finished


I stumbled over this while doing the following:

I have a connection which sets up port forwardings for a VNC server and the connection also executes a remote command which cleverly handles starting that VNC server and also stopping it on Ctrl-C but e.g. not on SIGHUP (i.e. accidental SSH connection loss).

That all works quite well, but in one case the SSH connection remains open, even though the VNC server has already been stopped and the remote command has finished.

This happens, when I actually connect to the VNC server with some client, and quit the VNC server from within that X session.

It then stops the VNC server, my remote command also notices this after a while, but netstat still shows me a connection from local to remote which stays in CLOSE_WAIT forever.
Ctrl-C causes ssh to quit, also when I stop remmina (the VNC client I use)

Guess there must be some issue with closing the connection when the server is exited.



Anyway... from the SSH point of view it would be nice to be able to forcefully kill any such forwarded connections, because it's already clear that as soon as the remote command is finished, not connections won't be possible anymore.


Cheers,
Chris.
Comment 1 Darren Tucker 2022-07-06 09:47:56 AEST 
I think you can do what you're describing on the command line, something like:
$ ssh -L 1234:127.0.0.1:5900 yourserver 'vncserver; kill $PPID'
Comment 2 Christoph Anton Mitterer 2022-07-06 10:51:32 AEST 
I assume your idea here is that this kills the server side ssh process and thereby also the forwarding, which isn't closed because of whathever happens between remmina and vnc?

I tried it and while it works in principle it seems rather a hacky workaround:
- the ssh client gives an error message as the connection is not cleanly shut down
- exit status becomes 255 and not the one with which the remote command exits
Comment 3 Damien Miller 2022-07-06 17:39:58 AEST 
You could also do this using the multiplexing control socket and -O cancel
Comment 4 Christoph Anton Mitterer 2022-07-07 10:20:05 AEST 
> You could also do this using the multiplexing control socket and -O cancel

But AFAIU, this I'd need to do on the local side in an extra command.

So when I have some:
$ ssh foo.example.org

which sets up the forwarding and does via RemoteCommand start the remote service... and that then "hangs" because the forwarding is kept open even after the RemoteCommand has finished,... I would need to run the cancel command from somewhere else, i.e. manually.

So that's merely "as good" as manually doing a Ctrl-C.
Comment 5 Damien Miller 2023-02-10 15:44:06 AEDT 
AFAIK this would work:

ssh -oControlMaster=auto -oControlPersist=1s \
    -oControlPath=/path -L[forward] user@host command ; \
ssh -oControlPath=/path -Oexit user@host