https://bugzilla.redhat.com/show_bug.cgi?id=2185785
Martin Pitt mpitt@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |k.koukiou@gmail.com,
                   |                            |mmarusak@redhat.com,
                   |                            |mpitt@redhat.com,
                   |                            |patrick@club-linux.ch,
                   |                            |stefw@redhat.com
            Link ID|                            |Github
                   |                            |cockpit-project/cockpit/issues/18310
          Component|sssd                        |cockpit
           Assignee|sssd-maintainers@lists.fedoraproject.org |mpitt@redhat.com

--- Comment #4 from Martin Pitt mpitt@redhat.com ---
Alexey: Good call -- but indeed RHEL 8 doesn't support it yet (we would really like to use it for Cockpit as well, but it's annoying that we can't yet).
Thanks Lukas for pointing out! Indeed I reproduced this completely independently of sssd.
New reproducer:
1. dnf install cockpit-bridge netcat
2. Set up an SSH key and add it to ~/.ssh/authorized_keys; you should be able to do "ssh localhost" *without* an "unknown host key" prompt (i.e. accept it for the first time) and *without* a password prompt (due to using key login).
3. Set up a dummy ProxyCommand config (make sure to do this with a test user account):

   printf 'Host dummyproxy\nHostname localhost\nProxyCommand nc %%h %%p\n' > ~/.ssh/config

4. Run a proxied SSH session through ssh(1), and ensure that it works:

   ssh dummyproxy

   Check that `pgrep -a nc` shows the `nc localhost 22` proxy command launched by ssh.
5. Run an SSH session through libssh (using cockpit-ssh as client), and kill it:

   (printf '\n\n\n\n\n\n'; sleep 20) | /usr/libexec/cockpit-ssh dummyproxy &
   sleep 1 && pkill -e cockpit-ssh

After 5, `pgrep -a nc` shows the leaked `nc` process.
But now I realize that libssh probably shouldn't install a SIGTERM signal handler to clean this up, as that's awkward in libraries. I suppose this should happen in cockpit-ssh and shut down the SSH connection properly.
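
The leak and the application-side cleanup described above, as an added C example that is not part of the original comment and is not cockpit or libssh code. The function names are hypothetical; a forked child that only sleeps stands in for the `nc` ProxyCommand, and a second forked process stands in for the SSH client that receives SIGTERM.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for the ProxyCommand helper (`nc` in the reproducer). */
static pid_t spawn_proxy(void)
{
    pid_t pid = fork();
    if (pid == 0)
        for (;;) pause();               /* default SIGTERM disposition */
    return pid;
}

/* Runs a stand-in client, sends it SIGTERM, and returns 1 if the proxy
 * helper is still alive afterwards, 0 if it was cleaned up, -1 on error. */
int proxy_leaks_after_sigterm(int graceful)
{
    int fds[2], sig, leaked;
    pid_t client, proxy = -1;
    sigset_t set;

    if (pipe(fds) < 0 || (client = fork()) < 0) return -1;
    if (client == 0) {                  /* the "SSH client" process */
        close(fds[0]);
        if ((proxy = spawn_proxy()) <= 0) _exit(1);
        sigemptyset(&set);
        sigaddset(&set, SIGTERM);
        if (graceful)                   /* block first, so no SIGTERM is lost */
            sigprocmask(SIG_BLOCK, &set, NULL);
        if (write(fds[1], &proxy, sizeof proxy) != sizeof proxy) _exit(1);
        if (!graceful)
            for (;;) pause();           /* default action: die, orphan proxy */
        sigwait(&set, &sig);            /* SIGTERM arrives: shut down cleanly */
        kill(proxy, SIGTERM);
        waitpid(proxy, NULL, 0);
        _exit(0);
    }
    close(fds[1]);
    if (read(fds[0], &proxy, sizeof proxy) != sizeof proxy || proxy <= 0) return -1;
    close(fds[0]);
    kill(client, SIGTERM);              /* same signal pkill sends by default */
    waitpid(client, NULL, 0);
    leaked = (kill(proxy, 0) == 0);     /* equivalent of the pgrep check */
    if (leaked) kill(proxy, SIGKILL);   /* tidy up the constructed orphan */
    return leaked;
}

int main(void)
{
    printf("default SIGTERM: leaked=%d\n", proxy_leaks_after_sigterm(0));
    printf("handled SIGTERM: leaked=%d\n", proxy_leaks_after_sigterm(1));
    return 0;
}
```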