[jira] [Created] (OOZIE-2638) Ssh action fails if .bashrc contain a script

Tue, 16 Aug 2016 10:56:59 -0700 

Attila Sasvari created OOZIE-2638:
-------------------------------------

             Summary: Ssh action fails if .bashrc contain a script 
                 Key: OOZIE-2638
                 URL: https://issues.apache.org/jira/browse/OOZIE-2638
             Project: Oozie
          Issue Type: Improvement
            Reporter: Attila Sasvari
            Priority: Minor


Right now SshActionExecutor runs the SCP command as part of executing the SSH 
action.

As a consequence, if the target SSH user has some command/script in their rc 
file (e.g. .bashrc) that outputs to the standard output in non-interactive 
sessions, the action will fail with 
UNKOWN_ERROR: Not able to perform operation [scp -o PasswordAuthentication=no 
-o KbdInteractiveDevices=no -o StrictHostKeyChecking=no -o ConnectTimeout=20 ...

It turns out, it is the way how openssh SCP works. So if something else  is 
written to stdout (for example an ls in .bashrc), it will fail and return 1.

See 
https://github.com/apache/oozie/blob/master/core/src/main/java/org/apache/oozie/action/ssh/SshActionExecutor.java#L695

To overcome this limitation, we should investigate alternatives that do not 
have this limitation. 

JSch (https://mvnrepository.com/artifact/com.jcraft/jsch) can be such an 
alternative.

References:
- Is this shell interactive? 
https://www.gnu.org/software/bash/manual/html_node/Is-this-Shell-Interactive_003f.html
- https://github.com/openssh/libopenssh/blob/master/ssh/scp.c
- 
http://stackoverflow.com/questions/12440287/scp-doesnt-work-when-echo-in-bashrc/12442753#12442753
- https://bugzilla.redhat.com/show_bug.cgi?id=20527
- 
http://unix.stackexchange.com/questions/120080/what-are-ssh-tty-and-ssh-connection

* As a workaround, one could detect in their .bashrc (or the corresponding rc 
file of the shell they prefer) if they are in an SCP / non-interactive session, 
do not echo anything on noninteractive shell.

For example, if I put the following into my .bashrc 
[[ $- == i ]] || return
SCP will work. But there can be situations where commands must be run. We could 
silent them (by redirecting stderr/stdout), but I believe it is not so 
convenient for a lot of users.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to