On 11/3/21 11:23, Thorsten R. wrote:
> On 11/2/21 15:46, Jakub Jelen wrote:
>> Hi,
>> does your Cisco switch support more channels? You can try it for
>> example with openssh with connection multiplexing using
>> ControlMaster/ControlPath.
>
> That's an interesting point. Did not know that multiplexing is possible.
> But this is what I got:
>
> First terminal
> ==============
> tr@LinuxMint19:~/$ ssh -o ControlMaster=yes -o ControlPath=~/.ssh/control-%h_%p_%r admin@192.168.4.219
> Password: ************
> gwswitch1#
>
> Second terminal
> ===============
> tr@LinuxMint19:~/$ ssh -o ControlPath=~/.ssh/control-%h_%p_%r admin@192.168.4.219
> mux_client_request_session: session request failed: Session open refused by peer

This is the failure to open a session channel.

> Password: ************
> gwswitch1#

OpenSSH implements a fallback, opening a new connection if the remote does
not allow this.

> Output on first terminal after second terminal connects:
> gwswitch1#channel 3: open failed: resource shortage:
> gwswitch1#
>
> It seems that multiplexing is not possible on Cisco switches.
>
> But now I am a little bit confused. I thought that calling
> ssh_channel_close(channel);
> ssh_channel_free(channel);
> closes the shell and the session in a way that I can open a new one if
> needed.

Right. This closes the session channel, but the connection is still open.
With other servers, what you do might work just fine. With OpenSSH
server, you can probably emulate this with "MaxSessions 1" in sshd_config.

> What is the right way to open an SSH connection, open a terminal/shell,
> execute a few commands in it with
> ssh_channel_write()
> ssh_channel_read_nonblocking()
> and close the shell without losing the connection?

This is not the most common use case. Generally, you want to execute a
command and exit or open a shell, execute commands, collect results and
again exit the connection.

If you want to send more commands in some longer timespan, you will
probably have to open a shell and handle the IO yourself as described in
the following tutorial chapter:

https://api.libssh.org/stable/libssh_tutor_shell.html

Regards,
--
Jakub Jelen
Crypto Team, Security Engineering
Red Hat, Inc.
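
The reply above recommends keeping one shell channel open and handling the I/O yourself, which means the caller has to decide when a command's output is complete. The C helper below is an added example, not code from this thread or from libssh: it accumulates chunks, as ssh_channel_read_nonblocking() would return them, until the device prompt reappears at the start of a line. The collector_* names are hypothetical, the prompt string is the one shown in the thread, and the sample chunks are constructed.

```c
#include <stdio.h>
#include <string.h>

#define OUT_MAX 4096

/* Output of one command read from a long-lived shell channel. */
struct collector {
    char buf[OUT_MAX];
    size_t len;
    const char *prompt;          /* device prompt, e.g. "gwswitch1#" */
};

void collector_reset(struct collector *c, const char *prompt)
{
    c->len = 0;
    c->buf[0] = '\0';
    c->prompt = prompt;
}

/* Append one chunk from a non-blocking read (n may be 0 when nothing is
 * pending). Returns 1 once the buffer ends with the prompt at the start
 * of a line, 0 if more data is needed, -1 if the buffer would overflow. */
int collector_feed(struct collector *c, const char *data, size_t n)
{
    size_t plen = strlen(c->prompt), end;

    if (n >= OUT_MAX - c->len)
        return -1;
    memcpy(c->buf + c->len, data, n);
    c->len += n;
    c->buf[c->len] = '\0';
    end = c->len;
    while (end > 0 && c->buf[end - 1] == ' ')   /* some prompts add a space */
        end--;
    if (end < plen || memcmp(c->buf + end - plen, c->prompt, plen) != 0)
        return 0;
    return end == plen || c->buf[end - plen - 1] == '\n';
}

int main(void)
{
    /* Constructed sample: one reply split across several reads, with the
     * prompt itself cut in half, as a non-blocking reader may see it. */
    const char *chunks[] = { "show clock\r\n12:00:00 UTC\r\n", "", "gwsw", "itch1#" };
    struct collector c;
    size_t i;

    collector_reset(&c, "gwswitch1#");
    for (i = 0; i < 4; i++)
        printf("chunk %zu -> %d\n", i, collector_feed(&c, chunks[i], strlen(chunks[i])));
    return 0;
}
```

In a real client each chunk would be the bytes returned by one ssh_channel_read_nonblocking() call on the single shell channel, and the next ssh_channel_write() would be sent only after collector_feed() returns 1.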