[jira] [Commented] (SSHD-736) Filesystem collision in development environment
[
https://issues.apache.org/jira/browse/SSHD-736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16075884#comment-16075884
]
David Ostrovsky commented on SSHD-736:
--
Hi Lyor,
unfortunately 1.6 didn't fix it. if I re-add {{FileSystemProvider}} again, then
our dev instance wouldn't start, see http://paste.openstack.org/show/614527.
{quote}
Anyway, the workaround for excluding the FileSystemProvider seems reasonable
enough - I doubt any Gerrit features use the capability to "mount" an SFTP file
system.
{quote}
This is correct, so sticking to this workaround for now.
> Filesystem collision in development environment
> ---
>
> Key: SSHD-736
> URL: https://issues.apache.org/jira/browse/SSHD-736
> Project: MINA SSHD
> Issue Type: Question
>Affects Versions: 1.4.0
> Environment: Linux, Gerrit
>Reporter: David Ostrovsky
>Assignee: Goldstein Lyor
>Priority: Minor
>
> In the development environment, we are using java filesystem,
> to short circuit loading of servlets for the JavaScript Polymer UI.
> Since upgrade to 1.4.0 Gerrit refuses to start in such dev environment.
> I seems, that during start of FileSystem, it loads all file system providers
> on the classpath. Since sshd-core is on the lcasspath, it's trying to load
> also {{SftpFileSystemProvider}}, and is failing with class custom exception:
> [1].
> Note, that we don't do that when booting release gerrit version, so we
> do see this poblem only in the development environment.
> We have 2 work arounds so far: disable file system usage in gerrit in this
> code path: [2], or use custom built sshd-core version without this file[3]:
>
> {{sshd-core/src/main/filtered-resources/META-INF/services/java.nio.file.spi.FileSystemProvider}}
> * [1] http://paste.openstack.org/show/604912
> * [2] http://paste.openstack.org/show/604911
> * [3] http://paste.openstack.org/show/604917
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Commented] (SSHD-754) OOM in sending data for channel
[
https://issues.apache.org/jira/browse/SSHD-754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16075469#comment-16075469
]
Eugene Petrenko commented on SSHD-754:
--
After reproducing the problem in tests I was able to come up with the following
patch (in Kotlin) for an inheritor of ServerSessionImpl to fix the test
{code}
private class PressureLock {
private val semaphore = Semaphore(100)
fun acquire() : SshFutureListener {
semaphore.acquire()
return listener
}
private val listener = object : SshFutureListener {
override fun operationComplete(future: IoWriteFuture?) {
semaphore.release()
}
}
}
private val CHANNEL_STDOUT_LOCK = PressureLock()
private val CHANNEL_STDERR_LOCK = PressureLock()
override fun writePacket(buffer: Buffer): IoWriteFuture {
// The workaround for VCS-797
// and https://issues.apache.org/jira/browse/SSHD-754
// the trick is to block writer thread once there are more
// than 100 messages in either rekey wait queue or nio write queue
val lock = when (buffer.array()[buffer.rpos()]) {
SshConstants.SSH_MSG_CHANNEL_DATA -> CHANNEL_STDOUT_LOCK
SshConstants.SSH_MSG_CHANNEL_EXTENDED_DATA -> CHANNEL_STDERR_LOCK
else -> null
}?.acquire()
val future = super.writePacket(buffer)
if (lock != null) {
future.addListener(lock)
}
return future
}
}
{code}
> OOM in sending data for channel
> ---
>
> Key: SSHD-754
> URL: https://issues.apache.org/jira/browse/SSHD-754
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 1.1.0
>Reporter: Eugene Petrenko
>
> I have an implementation of SSHD server with the library. It sends gigabytes
> (e.g. 5GB) of data as command output.
> Starting from Putty plink 0.68 (also includes plink 0.69) we started to have
> OOM errors. Checking memory dumps shown the most of the memory is consumed
> from the function
> org.apache.sshd.common.session.AbstractSession#writePacket(org.apache.sshd.common.util.buffer.Buffer)
> In the hprof I see thousands of PendingWriteFuture objects (btw, each holds a
> reference to a logger instance). And those objects are only created from this
> function.
> It is clear the session is running through rekey. I see the kexState
> indicating the progress.
> Is there a way to artificially limit the sending queue, no matter if related
> remote window allows sending that enormous amount of data? As of my
> estimation, the window was reported to be around 1.5 GB or more. Maybe, such
> huge window size was caused by an arithmetic overflow that is fixed on
> SSHD-701
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Commented] (SSHD-754) OOM in sending data for channel
[ https://issues.apache.org/jira/browse/SSHD-754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16075341#comment-16075341 ] Eugene Petrenko commented on SSHD-754: -- It looks like starting from April 2016, plink enables 'simple' mode for SSH. It was done by commit b22c0b6f3e6f5254270a89f86df3edfc4da829d2 https://git.tartarus.org/?p=simon/putty.git;a=commit;h=b22c0b6f3e6f5254270a89f86df3edfc4da829d2. Starting from 0.68 it sends 2GB (0x7fff) as receive window size. That makes SSHD library to be vulnerable for OOM. The simplified STR is as follows. We need a command that returns huge portion of data, say bigger than heap size. Next, it is only enough to have a client which is slow to read data (e.g. slow channel), the server will easily queue to many packets and it will have OOM out of that. Looks like the org.apache.sshd.common.channel.ChannelOutputStream and similar classes should take into account not only the window size but also it's own write queue. > OOM in sending data for channel > --- > > Key: SSHD-754 > URL: https://issues.apache.org/jira/browse/SSHD-754 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 1.1.0 >Reporter: Eugene Petrenko > > I have an implementation of SSHD server with the library. It sends gigabytes > (e.g. 5GB) of data as command output. > Starting from Putty plink 0.68 (also includes plink 0.69) we started to have > OOM errors. Checking memory dumps shown the most of the memory is consumed > from the function > org.apache.sshd.common.session.AbstractSession#writePacket(org.apache.sshd.common.util.buffer.Buffer) > In the hprof I see thousands of PendingWriteFuture objects (btw, each holds a > reference to a logger instance). And those objects are only created from this > function. > It is clear the session is running through rekey. I see the kexState > indicating the progress. > Is there a way to artificially limit the sending queue, no matter if related > remote window allows sending that enormous amount of data? As of my > estimation, the window was reported to be around 1.5 GB or more. Maybe, such > huge window size was caused by an arithmetic overflow that is fixed on > SSHD-701 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SSHD-754) OOM in sending data for channel
[ https://issues.apache.org/jira/browse/SSHD-754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16074753#comment-16074753 ] Eugene Petrenko commented on SSHD-754: -- Did a try with 1.4.0, where SSHD-701 is closed. Same issue. I have enormous remote windows size, so anything fits into the window, generating endless pending write queue. > OOM in sending data for channel > --- > > Key: SSHD-754 > URL: https://issues.apache.org/jira/browse/SSHD-754 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 1.1.0 >Reporter: Eugene Petrenko > > I have an implementation of SSHD server with the library. It sends gigabytes > (e.g. 5GB) of data as command output. > Starting from Putty plink 0.68 (also includes plink 0.69) we started to have > OOM errors. Checking memory dumps shown the most of the memory is consumed > from the function > org.apache.sshd.common.session.AbstractSession#writePacket(org.apache.sshd.common.util.buffer.Buffer) > In the hprof I see thousands of PendingWriteFuture objects (btw, each holds a > reference to a logger instance). And those objects are only created from this > function. > It is clear the session is running through rekey. I see the kexState > indicating the progress. > Is there a way to artificially limit the sending queue, no matter if related > remote window allows sending that enormous amount of data? As of my > estimation, the window was reported to be around 1.5 GB or more. Maybe, such > huge window size was caused by an arithmetic overflow that is fixed on > SSHD-701 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (SSHD-754) OOM in sending data for channel
Eugene Petrenko created SSHD-754: Summary: OOM in sending data for channel Key: SSHD-754 URL: https://issues.apache.org/jira/browse/SSHD-754 Project: MINA SSHD Issue Type: Bug Affects Versions: 1.1.0 Reporter: Eugene Petrenko I have an implementation of SSHD server with the library. It sends gigabytes (e.g. 5GB) of data as command output. Starting from Putty plink 0.68 (also includes plink 0.69) we started to have OOM errors. Checking memory dumps shown the most of the memory is consumed from the function org.apache.sshd.common.session.AbstractSession#writePacket(org.apache.sshd.common.util.buffer.Buffer) In the hprof I see thousands of PendingWriteFuture objects (btw, each holds a reference to a logger instance). And those objects are only created from this function. It is clear the session is running through rekey. I see the kexState indicating the progress. Is there a way to artificially limit the sending queue, no matter if related remote window allows sending that enormous amount of data? As of my estimation, the window was reported to be around 1.5 GB or more. Maybe, such huge window size was caused by an arithmetic overflow that is fixed on SSHD-701 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[GitHub] mina-sshd pull request #34: [SSHD-700] Fix the issues of the agent forwardin...
GitHub user lifangning opened a pull request: https://github.com/apache/mina-sshd/pull/34 [SSHD-700] Fix the issues of the agent forwarding implementation of IETF. [SSHD-700] Fix the issues of the agent forwarding implementation of IETF. You can merge this pull request into a Git repository by running: $ git pull https://github.com/lifangning/mina-sshd master Alternatively you can review and apply these changes as the patch at: https://github.com/apache/mina-sshd/pull/34.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #34 commit 6806d81e1f8b4c2361f9de50445525c6bea4dd47 Author: Li Fangning Date: 2017-07-05T07:47:11Z [SSHD-700] Fix the issues of the agent forwarding implementation of IETF. commit 9c430db415d727208a38c98b9d79ef68e429edd7 Author: Li Fangning Date: 2017-07-05T08:22:04Z Move agent forwarding constants to FactoryManager. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[jira] [Comment Edited] (SSHD-700) SSHD does not suppot agent forwarding for XShell and XAgent
[ https://issues.apache.org/jira/browse/SSHD-700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16074437#comment-16074437 ] Li Fangning edited comment on SSHD-700 at 7/5/17 8:50 AM: -- Hi Goldstein I have posted a new pull request to the project. Please review the codes. I have already verified this functionality on both Windows and Linux OS, and they all work fine. The UnixAgentFactory use Tomcat JNI, but I don't think it is necessary (and has verified that it is). It does not require the use of the native code to handling the communication protocol. Thanks. Best Regards was (Author: lfn): Hi Goldstein I have post a new pull request to the project. Please review the codes. I have already verified this functionality on both Windows and Linux OS, and they all work fine. The UnixAgentFactory use Tomcat JNI, but I don't think it is necessary (and has verified that it is). It does not require the use of the native code to handling the communication protocol. Thanks. Best Regards > SSHD does not suppot agent forwarding for XShell and XAgent > --- > > Key: SSHD-700 > URL: https://issues.apache.org/jira/browse/SSHD-700 > Project: MINA SSHD > Issue Type: New Feature >Affects Versions: 1.2.0 > Environment: Windows 10 and CentOS 7 > XShell 5.0 >Reporter: Li Fangning >Priority: Minor > Attachments: block.png, debug.log, environment.png, log1.txt, > log2.txt, sshd-core.zip, SshdTest2.java, SshdTest3.java, stacktrace.png > > > I use MINA SSHD for both server side and client side: > SSH client --> MINA SSHD Server - MINA SSHD Client --> Target Linux Server > I use XShell (http://www.netsarang.com/) as SSH client, and use XAgent with > XShell for target server authentication (Public Key Access with Agent > Forwarding). > I have tried PuTTY (with pagent), SecureCRT, and openssh client in linux, > they are all passed. But when I try XShell with XAgent, the agent forwarding > phase is failed. > When I check the debug log and source code of MINA SSHD, I find that SSHD > only handle the "auth-agent-...@openssh.com" request type (in > org.apache.sshd.server.channel.ChannelSession#handleInternalRequest), which > is OK for PuTTY, SecureCRT and openssh client. But XShell send a > "auth-agent-req" request (without "@openssh.com"), so SSHD not handle the > request. > I have try to change the source code, add "auth-agent-req" to the > "switch-case" in handleInternalRequest, but the authentication is blocked. > I have attached my code, please help me solve the problem. > Thanks a lot. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SSHD-700) SSHD does not suppot agent forwarding for XShell and XAgent
[ https://issues.apache.org/jira/browse/SSHD-700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16074437#comment-16074437 ] Li Fangning commented on SSHD-700: -- Hi Goldstein I have post a new pull request to the project. Please review the codes. I have already verified this functionality on both Windows and Linux OS, and they all work fine. The UnixAgentFactory use Tomcat JNI, but I don't think it is necessary (and has verified that it is). It does not require the use of the native code to handling the communication protocol. Thanks. Best Regards > SSHD does not suppot agent forwarding for XShell and XAgent > --- > > Key: SSHD-700 > URL: https://issues.apache.org/jira/browse/SSHD-700 > Project: MINA SSHD > Issue Type: New Feature >Affects Versions: 1.2.0 > Environment: Windows 10 and CentOS 7 > XShell 5.0 >Reporter: Li Fangning >Priority: Minor > Attachments: block.png, debug.log, environment.png, log1.txt, > log2.txt, sshd-core.zip, SshdTest2.java, SshdTest3.java, stacktrace.png > > > I use MINA SSHD for both server side and client side: > SSH client --> MINA SSHD Server - MINA SSHD Client --> Target Linux Server > I use XShell (http://www.netsarang.com/) as SSH client, and use XAgent with > XShell for target server authentication (Public Key Access with Agent > Forwarding). > I have tried PuTTY (with pagent), SecureCRT, and openssh client in linux, > they are all passed. But when I try XShell with XAgent, the agent forwarding > phase is failed. > When I check the debug log and source code of MINA SSHD, I find that SSHD > only handle the "auth-agent-...@openssh.com" request type (in > org.apache.sshd.server.channel.ChannelSession#handleInternalRequest), which > is OK for PuTTY, SecureCRT and openssh client. But XShell send a > "auth-agent-req" request (without "@openssh.com"), so SSHD not handle the > request. > I have try to change the source code, add "auth-agent-req" to the > "switch-case" in handleInternalRequest, but the authentication is blocked. > I have attached my code, please help me solve the problem. > Thanks a lot. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SSHD-700) SSHD does not suppot agent forwarding for XShell and XAgent
[ https://issues.apache.org/jira/browse/SSHD-700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16074426#comment-16074426 ] ASF GitHub Bot commented on SSHD-700: - GitHub user lifangning opened a pull request: https://github.com/apache/mina-sshd/pull/34 [SSHD-700] Fix the issues of the agent forwarding implementation of IETF. [SSHD-700] Fix the issues of the agent forwarding implementation of IETF. You can merge this pull request into a Git repository by running: $ git pull https://github.com/lifangning/mina-sshd master Alternatively you can review and apply these changes as the patch at: https://github.com/apache/mina-sshd/pull/34.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #34 commit 6806d81e1f8b4c2361f9de50445525c6bea4dd47 Author: Li Fangning Date: 2017-07-05T07:47:11Z [SSHD-700] Fix the issues of the agent forwarding implementation of IETF. commit 9c430db415d727208a38c98b9d79ef68e429edd7 Author: Li Fangning Date: 2017-07-05T08:22:04Z Move agent forwarding constants to FactoryManager. > SSHD does not suppot agent forwarding for XShell and XAgent > --- > > Key: SSHD-700 > URL: https://issues.apache.org/jira/browse/SSHD-700 > Project: MINA SSHD > Issue Type: New Feature >Affects Versions: 1.2.0 > Environment: Windows 10 and CentOS 7 > XShell 5.0 >Reporter: Li Fangning >Priority: Minor > Attachments: block.png, debug.log, environment.png, log1.txt, > log2.txt, sshd-core.zip, SshdTest2.java, SshdTest3.java, stacktrace.png > > > I use MINA SSHD for both server side and client side: > SSH client --> MINA SSHD Server - MINA SSHD Client --> Target Linux Server > I use XShell (http://www.netsarang.com/) as SSH client, and use XAgent with > XShell for target server authentication (Public Key Access with Agent > Forwarding). > I have tried PuTTY (with pagent), SecureCRT, and openssh client in linux, > they are all passed. But when I try XShell with XAgent, the agent forwarding > phase is failed. > When I check the debug log and source code of MINA SSHD, I find that SSHD > only handle the "auth-agent-...@openssh.com" request type (in > org.apache.sshd.server.channel.ChannelSession#handleInternalRequest), which > is OK for PuTTY, SecureCRT and openssh client. But XShell send a > "auth-agent-req" request (without "@openssh.com"), so SSHD not handle the > request. > I have try to change the source code, add "auth-agent-req" to the > "switch-case" in handleInternalRequest, but the authentication is blocked. > I have attached my code, please help me solve the problem. > Thanks a lot. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
