Re: sshd proctitle [Re: CVS: cvs.openbsd.org: src]
On Fri, 24 Jan 2020, Stuart Henderson wrote:
> That works - etc/rc.d/sshd diff to match as follows:
>
> Index: sshd
> ===
> RCS file: /cvs/src/etc/rc.d/sshd,v
> retrieving revision 1.5
> diff -u -p -r1.5 sshd
> --- sshd 22 Jan 2020 13:14:51 - 1.5
> +++ sshd 24 Jan 2020 11:59:52 -
> @@ -6,7 +6,7 @@ daemon="/usr/sbin/sshd"
>
> . /etc/rc.d/rc.subr
>
> -pexp="sshd: \[listener\].*"
> +pexp="sshd: ${daemon}${daemon_flags:+ ${daemon_flags}} \[listener\].*"
>
> rc_reload() {
> ${daemon} ${daemon_flags} -t && pkill -HUP -xf "${pexp}"
ok djm
Re: sshd proctitle [Re: CVS: cvs.openbsd.org: src]
On Fri, 24 Jan 2020, Antoine Jacoutot wrote: > Great :-) > Ok aja committed, the proctitle looks like this now in case the rc scripts need further tweaking: $ pgrep -lf sshd 12844 sshd: /usr/sbin/sshd -f /etc/ssh/sshd_config [listener] 0 of 10-100 startups
Re: sshd proctitle [Re: CVS: cvs.openbsd.org: src]
Great :-)
Ok aja
—
Antoine
> On 24 Jan 2020, at 13:02, Stuart Henderson wrote:
>
> On 2020/01/23 21:20, Damien Miller wrote:
>>> On Thu, 23 Jan 2020, Damien Miller wrote:
>>>
On Thu, 23 Jan 2020, Damien Miller wrote:
>>>
What information would you like there? We could put the first N listen
addrs in the proctitle if that would help.
>>>
>>> Maybe like this:
>>>
>>> 63817 ?? S0:00.05 sshd: [listen] on [0.0.0.0]:22, [::]:22, 0 of
>>> 10-100
>>
>> antoine@ said this was not sufficient, so please try the following:
>>
>> 63817 ?? I0:00.09 sshd: /usr/sbin/sshd [listener] 0 of 10-100
>> startups
>
> That works - etc/rc.d/sshd diff to match as follows:
>
> Index: sshd
> ===
> RCS file: /cvs/src/etc/rc.d/sshd,v
> retrieving revision 1.5
> diff -u -p -r1.5 sshd
> --- sshd22 Jan 2020 13:14:51 -1.5
> +++ sshd24 Jan 2020 11:59:52 -
> @@ -6,7 +6,7 @@ daemon="/usr/sbin/sshd"
>
> . /etc/rc.d/rc.subr
>
> -pexp="sshd: \[listener\].*"
> +pexp="sshd: ${daemon}${daemon_flags:+ ${daemon_flags}} \[listener\].*"
>
> rc_reload() {
>${daemon} ${daemon_flags} -t && pkill -HUP -xf "${pexp}"
>
>
>
>>
>> diff --git a/sshd.c b/sshd.c
>> index f6139fe..b7ed0f3 100644
>> --- a/sshd.c
>> +++ b/sshd.c
>> @@ -240,6 +240,8 @@ void destroy_sensitive_data(void);
>> void demote_sensitive_data(void);
>> static void do_ssh2_kex(struct ssh *);
>>
>> +static char *listener_proctitle;
>> +
>> /*
>> * Close all listening sockets
>> */
>> @@ -1032,9 +1034,9 @@ server_accept_loop(int *sock_in, int *sock_out, int
>> *newsock, int *config_s)
>> */
>>for (;;) {
>>if (ostartups != startups) {
>> -setproctitle("[listener] %d of %d-%d startups",
>> -startups, options.max_startups_begin,
>> -options.max_startups);
>> +setproctitle("%s [listener] %d of %d-%d startups",
>> +listener_proctitle, startups,
>> +options.max_startups_begin, options.max_startups);
>>ostartups = startups;
>>}
>>if (received_sighup) {
>> @@ -1347,6 +1349,41 @@ accumulate_host_timing_secret(struct sshbuf
>> *server_cfg,
>>sshbuf_free(buf);
>> }
>>
>> +static void
>> +xextendf(char **s, const char *sep, const char *fmt, ...)
>> +__attribute__((__format__ (printf, 3, 4))) __attribute__((__nonnull__
>> (3)));
>> +static void
>> +xextendf(char **sp, const char *sep, const char *fmt, ...)
>> +{
>> +va_list ap;
>> +char *tmp1, *tmp2;
>> +
>> +va_start(ap, fmt);
>> +xvasprintf(, fmt, ap);
>> +va_end(ap);
>> +
>> +if (*sp == NULL || **sp == '\0') {
>> +free(*sp);
>> +*sp = tmp1;
>> +return;
>> +}
>> +xasprintf(, "%s%s%s", *sp, sep, tmp1);
>> +free(tmp1);
>> +free(*sp);
>> +*sp = tmp2;
>> +}
>> +
>> +static char *
>> +prepare_proctitle(int ac, char **av)
>> +{
>> +char *ret = NULL;
>> +int i;
>> +
>> +for (i = 0; i < ac; i++)
>> +xextendf(, " ", "%s", av[i]);
>> +return ret;
>> +}
>> +
>> /*
>> * Main program for the daemon.
>> */
>> @@ -1774,6 +1811,7 @@ main(int ac, char **av)
>>rexec_argv[rexec_argc] = "-R";
>>rexec_argv[rexec_argc + 1] = NULL;
>>}
>> +listener_proctitle = prepare_proctitle(ac, av);
>>
>>/* Ensure that umask disallows at least group and world write */
>>new_umask = umask(0077) | 0022;
>>
>
Re: sshd proctitle [Re: CVS: cvs.openbsd.org: src]
On 2020/01/23 21:20, Damien Miller wrote:
> On Thu, 23 Jan 2020, Damien Miller wrote:
>
> > On Thu, 23 Jan 2020, Damien Miller wrote:
> >
> > > What information would you like there? We could put the first N listen
> > > addrs in the proctitle if that would help.
> >
> > Maybe like this:
> >
> > 63817 ?? S0:00.05 sshd: [listen] on [0.0.0.0]:22, [::]:22, 0 of
> > 10-100
>
> antoine@ said this was not sufficient, so please try the following:
>
> 63817 ?? I0:00.09 sshd: /usr/sbin/sshd [listener] 0 of 10-100
> startups
That works - etc/rc.d/sshd diff to match as follows:
Index: sshd
===
RCS file: /cvs/src/etc/rc.d/sshd,v
retrieving revision 1.5
diff -u -p -r1.5 sshd
--- sshd22 Jan 2020 13:14:51 - 1.5
+++ sshd24 Jan 2020 11:59:52 -
@@ -6,7 +6,7 @@ daemon="/usr/sbin/sshd"
. /etc/rc.d/rc.subr
-pexp="sshd: \[listener\].*"
+pexp="sshd: ${daemon}${daemon_flags:+ ${daemon_flags}} \[listener\].*"
rc_reload() {
${daemon} ${daemon_flags} -t && pkill -HUP -xf "${pexp}"
>
> diff --git a/sshd.c b/sshd.c
> index f6139fe..b7ed0f3 100644
> --- a/sshd.c
> +++ b/sshd.c
> @@ -240,6 +240,8 @@ void destroy_sensitive_data(void);
> void demote_sensitive_data(void);
> static void do_ssh2_kex(struct ssh *);
>
> +static char *listener_proctitle;
> +
> /*
> * Close all listening sockets
> */
> @@ -1032,9 +1034,9 @@ server_accept_loop(int *sock_in, int *sock_out, int
> *newsock, int *config_s)
>*/
> for (;;) {
> if (ostartups != startups) {
> - setproctitle("[listener] %d of %d-%d startups",
> - startups, options.max_startups_begin,
> - options.max_startups);
> + setproctitle("%s [listener] %d of %d-%d startups",
> + listener_proctitle, startups,
> + options.max_startups_begin, options.max_startups);
> ostartups = startups;
> }
> if (received_sighup) {
> @@ -1347,6 +1349,41 @@ accumulate_host_timing_secret(struct sshbuf
> *server_cfg,
> sshbuf_free(buf);
> }
>
> +static void
> +xextendf(char **s, const char *sep, const char *fmt, ...)
> +__attribute__((__format__ (printf, 3, 4))) __attribute__((__nonnull__
> (3)));
> +static void
> +xextendf(char **sp, const char *sep, const char *fmt, ...)
> +{
> + va_list ap;
> + char *tmp1, *tmp2;
> +
> + va_start(ap, fmt);
> + xvasprintf(, fmt, ap);
> + va_end(ap);
> +
> + if (*sp == NULL || **sp == '\0') {
> + free(*sp);
> + *sp = tmp1;
> + return;
> + }
> + xasprintf(, "%s%s%s", *sp, sep, tmp1);
> + free(tmp1);
> + free(*sp);
> + *sp = tmp2;
> +}
> +
> +static char *
> +prepare_proctitle(int ac, char **av)
> +{
> + char *ret = NULL;
> + int i;
> +
> + for (i = 0; i < ac; i++)
> + xextendf(, " ", "%s", av[i]);
> + return ret;
> +}
> +
> /*
> * Main program for the daemon.
> */
> @@ -1774,6 +1811,7 @@ main(int ac, char **av)
> rexec_argv[rexec_argc] = "-R";
> rexec_argv[rexec_argc + 1] = NULL;
> }
> + listener_proctitle = prepare_proctitle(ac, av);
>
> /* Ensure that umask disallows at least group and world write */
> new_umask = umask(0077) | 0022;
>
Re: sshd proctitle [Re: CVS: cvs.openbsd.org: src]
On Thu, 23 Jan 2020, Damien Miller wrote:
> On Thu, 23 Jan 2020, Damien Miller wrote:
>
> > What information would you like there? We could put the first N listen
> > addrs in the proctitle if that would help.
>
> Maybe like this:
>
> 63817 ?? S0:00.05 sshd: [listen] on [0.0.0.0]:22, [::]:22, 0 of
> 10-100
antoine@ said this was not sufficient, so please try the following:
63817 ?? I0:00.09 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
diff --git a/sshd.c b/sshd.c
index f6139fe..b7ed0f3 100644
--- a/sshd.c
+++ b/sshd.c
@@ -240,6 +240,8 @@ void destroy_sensitive_data(void);
void demote_sensitive_data(void);
static void do_ssh2_kex(struct ssh *);
+static char *listener_proctitle;
+
/*
* Close all listening sockets
*/
@@ -1032,9 +1034,9 @@ server_accept_loop(int *sock_in, int *sock_out, int
*newsock, int *config_s)
*/
for (;;) {
if (ostartups != startups) {
- setproctitle("[listener] %d of %d-%d startups",
- startups, options.max_startups_begin,
- options.max_startups);
+ setproctitle("%s [listener] %d of %d-%d startups",
+ listener_proctitle, startups,
+ options.max_startups_begin, options.max_startups);
ostartups = startups;
}
if (received_sighup) {
@@ -1347,6 +1349,41 @@ accumulate_host_timing_secret(struct sshbuf *server_cfg,
sshbuf_free(buf);
}
+static void
+xextendf(char **s, const char *sep, const char *fmt, ...)
+__attribute__((__format__ (printf, 3, 4))) __attribute__((__nonnull__
(3)));
+static void
+xextendf(char **sp, const char *sep, const char *fmt, ...)
+{
+ va_list ap;
+ char *tmp1, *tmp2;
+
+ va_start(ap, fmt);
+ xvasprintf(, fmt, ap);
+ va_end(ap);
+
+ if (*sp == NULL || **sp == '\0') {
+ free(*sp);
+ *sp = tmp1;
+ return;
+ }
+ xasprintf(, "%s%s%s", *sp, sep, tmp1);
+ free(tmp1);
+ free(*sp);
+ *sp = tmp2;
+}
+
+static char *
+prepare_proctitle(int ac, char **av)
+{
+ char *ret = NULL;
+ int i;
+
+ for (i = 0; i < ac; i++)
+ xextendf(, " ", "%s", av[i]);
+ return ret;
+}
+
/*
* Main program for the daemon.
*/
@@ -1774,6 +1811,7 @@ main(int ac, char **av)
rexec_argv[rexec_argc] = "-R";
rexec_argv[rexec_argc + 1] = NULL;
}
+ listener_proctitle = prepare_proctitle(ac, av);
/* Ensure that umask disallows at least group and world write */
new_umask = umask(0077) | 0022;
Re: sshd proctitle [Re: CVS: cvs.openbsd.org: src]
On Thu, Jan 23, 2020 at 02:36:43PM +1100, Damien Miller wrote: > On Wed, 22 Jan 2020, Stuart Henderson wrote: > > > On 2020/01/21 15:39, Damien Miller wrote: > > > CVSROOT: /cvs > > > Module name: src > > > Changes by: d...@cvs.openbsd.org2020/01/21 15:39:57 > > > > > > Modified files: > > > usr.bin/ssh: sshd.c > > > > > > Log message: > > > expose the number of currently-authenticating connections > > > along with the MaxStartups limit in the proctitle; > > > suggestion from Philipp Marek, w/ feedback from Craig Miskell > > > ok dtucker@ > > > > > > > It's nice to have this information visible, but it brings some problems. > > You can't now distinguish between multiple sshd processes (e.g. if you > > run several on different ports it's hard to figure out which one to > > signal if needed). > > How could you discern between different sshd processes before? Just the > command-line args? Yes. e.g. for 2 different sshd running: root 92105 0.0 0.0 1360 1296 ?? I Wed07AM0:00.05 /usr/sbin/sshd root 68236 0.0 0.0 1372 1364 ?? S 7:08AM0:00.00 /usr/sbin/sshd -f /etc/ssh/sshd_config2 > What information would you like there? We could put the first N listen > addrs in the proctitle if that would help. Can't we put the args back and append the new things we expose? That will also be easier to know which currently-authenticating / MaxStartups sshd process we are talking about if we run several. proctitle bit us in the arse several times in the past with rc.d. My 2 cents, maybe I am talking garbage. -- Antoine
Re: sshd proctitle [Re: CVS: cvs.openbsd.org: src]
On Thu, 23 Jan 2020, Damien Miller wrote:
> On Wed, 22 Jan 2020, Stuart Henderson wrote:
>
> > On 2020/01/21 15:39, Damien Miller wrote:
> > > CVSROOT: /cvs
> > > Module name: src
> > > Changes by: d...@cvs.openbsd.org2020/01/21 15:39:57
> > >
> > > Modified files:
> > > usr.bin/ssh: sshd.c
> > >
> > > Log message:
> > > expose the number of currently-authenticating connections
> > > along with the MaxStartups limit in the proctitle;
> > > suggestion from Philipp Marek, w/ feedback from Craig Miskell
> > > ok dtucker@
> > >
> >
> > It's nice to have this information visible, but it brings some problems.
> > You can't now distinguish between multiple sshd processes (e.g. if you
> > run several on different ports it's hard to figure out which one to
> > signal if needed).
>
> How could you discern between different sshd processes before? Just the
> command-line args?
>
> What information would you like there? We could put the first N listen
> addrs in the proctitle if that would help.
Maybe like this:
63817 ?? S0:00.05 sshd: [listen] on [0.0.0.0]:22, [::]:22, 0 of 10-100
ok?
diff --git a/sshd.c b/sshd.c
index ec644c9..15014d1 100644
--- a/sshd.c
+++ b/sshd.c
@@ -240,6 +240,9 @@ void destroy_sensitive_data(void);
void demote_sensitive_data(void);
static void do_ssh2_kex(struct ssh *);
+/* Listen info for proctitle */
+static char *proctitle_listen_addr;
+
/*
* Close all listening sockets
*/
@@ -913,7 +916,7 @@ listen_on_addrs(struct listenaddr *la)
{
int ret, listen_sock;
struct addrinfo *ai;
- char ntop[NI_MAXHOST], strport[NI_MAXSERV];
+ char *cp, ntop[NI_MAXHOST], strport[NI_MAXSERV];
for (ai = la->addrs; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
@@ -973,6 +976,15 @@ listen_on_addrs(struct listenaddr *la)
ntop, strport,
la->rdomain == NULL ? "" : " rdomain ",
la->rdomain == NULL ? "" : la->rdomain);
+ if (num_listen_socks < 3) {
+ cp = proctitle_listen_addr;
+ xasprintf(_listen_addr, "%s%s[%s]:%s%s%s",
+ cp == NULL ? "" : cp, cp == NULL ? "" : ", ",
+ ntop, strport,
+ la->rdomain == NULL ? "" : " rdomain ",
+ la->rdomain == NULL ? "" : la->rdomain);
+ free(cp);
+ }
}
}
@@ -1030,7 +1042,9 @@ server_accept_loop(int *sock_in, int *sock_out, int
*newsock, int *config_s)
*/
for (;;) {
if (ostartups != startups) {
- setproctitle("[listener] %d of %d-%d startups",
+ setproctitle("[listen] on %s%s, "
+ "%d of %d-%d startups", proctitle_listen_addr,
+ num_listen_socks > 3 ? " [...]" : "",
startups, options.max_startups_begin,
options.max_startups);
ostartups = startups;
Re: sshd proctitle [Re: CVS: cvs.openbsd.org: src]
On Wed, 22 Jan 2020, Stuart Henderson wrote: > On 2020/01/21 15:39, Damien Miller wrote: > > CVSROOT:/cvs > > Module name:src > > Changes by: d...@cvs.openbsd.org2020/01/21 15:39:57 > > > > Modified files: > > usr.bin/ssh: sshd.c > > > > Log message: > > expose the number of currently-authenticating connections > > along with the MaxStartups limit in the proctitle; > > suggestion from Philipp Marek, w/ feedback from Craig Miskell > > ok dtucker@ > > > > It's nice to have this information visible, but it brings some problems. > You can't now distinguish between multiple sshd processes (e.g. if you > run several on different ports it's hard to figure out which one to > signal if needed). How could you discern between different sshd processes before? Just the command-line args? What information would you like there? We could put the first N listen addrs in the proctitle if that would help. -d
Re: sshd proctitle [Re: CVS: cvs.openbsd.org: src]
I guess this needs to be changed again, to retain more info from the
original title.
Stuart Henderson wrote:
> On 2020/01/21 15:39, Damien Miller wrote:
> > CVSROOT:/cvs
> > Module name:src
> > Changes by: d...@cvs.openbsd.org2020/01/21 15:39:57
> >
> > Modified files:
> > usr.bin/ssh: sshd.c
> >
> > Log message:
> > expose the number of currently-authenticating connections
> > along with the MaxStartups limit in the proctitle;
> > suggestion from Philipp Marek, w/ feedback from Craig Miskell
> > ok dtucker@
> >
>
> It's nice to have this information visible, but it brings some problems.
> You can't now distinguish between multiple sshd processes (e.g. if you
> run several on different ports it's hard to figure out which one to
> signal if needed).
>
> The rc.d script also needs updating because it uses pgrep to find the
> matching process:
>
> Index: sshd
> ===
> RCS file: /cvs/src/etc/rc.d/sshd,v
> retrieving revision 1.4
> diff -u -p -r1.4 sshd
> --- sshd 11 Jan 2018 19:52:12 - 1.4
> +++ sshd 22 Jan 2020 12:52:15 -
> @@ -6,6 +6,8 @@ daemon="/usr/sbin/sshd"
>
> . /etc/rc.d/rc.subr
>
> +pexp="sshd: \[listener\].*"
> +
> rc_reload() {
> ${daemon} ${daemon_flags} -t && pkill -HUP -xf "${pexp}"
> }
>
>
