[Bro-Dev] [JIRA] (BIT-1498) add '-q' to ssh execution in ssh_runner.py

Fri, 11 Mar 2016 08:31:13 -0800 

    [ 
https://bro-tracker.atlassian.net/browse/BIT-1498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=24804#comment-24804
 ] 

Jon Schipp commented on BIT-1498:
---------------------------------

I think the ssh messages are helpful in debugging problems but you're right we 
probably don't want to see the banner.

Some notes:
The banner prints when sshd_config is set to use the Banner option. Banner 
happens before authentication. The motd is not printed when the PrintMotd 
option is used.

root@manager:~# broctl start
starting manager ...
starting proxy-1 ...
starting worker-1 ...
starting worker-2 ...

This BANNER is displaying /etc/issue.net
Ubuntu 14.04.1 LTS

Stopping sshd on node1 will show banner and the informational ssh messages:
root@manager:~# broctl start
manager still running
proxy-1 still running
ssh: connect to host 10.1.1.20 port 22: Connection refused
This BANNER is displaying /etc/issue.net
Ubuntu 14.04.1 LTS
Error: cannot connect to worker-1
worker-2 still running

Stopping sshd on node1 while -q is set in ssh_runner.py yields a "Error: cannot 
connect", not the ssh errors.
root@manager:~# broctl start
...
Error: cannot connect to worker-1
worker-2 still running

Shutting down the node will yield
root@manager:~# broctl start
...
ssh: connect to host 10.1.1.20 port 22: No route to host
Error: cannot connect to worker-1

> add '-q' to ssh execution in ssh_runner.py
> ------------------------------------------
>
>                 Key: BIT-1498
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1498
>             Project: Bro Issue Tracker
>          Issue Type: Patch
>          Components: BroControl
>    Affects Versions: 2.4
>            Reporter: scampbell
>            Assignee: Jon Schipp
>            Priority: Trivial
>              Labels: broctl
>             Fix For: 2.5
>
>
> When using broctl in an environment with login banners, they will be 
> displayed in the broctl command.  In the event that they can not be 
> configured away on the sshd end using '-q' avoids displaying the banner on 
> the client side.
> The patch is trivial:
> --- a/BroControl/ssh_runner.py
> +++ b/BroControl/ssh_runner.py
> @@ -108,6 +108,7 @@ class SSHMaster:
>          self.base_cmd = [
>              "ssh",
>              "-o", "BatchMode=yes",
> +            "-q",
>              host,
>          ]
>          self.need_connect = True



--
This message was sent by Atlassian JIRA
(v7.2.0-OD-03-014#72000)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

Reply via email to