Bug 1719 - Debug server prints debug messages on client
Summary: Debug server prints debug messages on client
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: 5.4p1
Hardware: All All
: P2 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_5_7
  Show dependency treegraph
 
Reported: 2010-02-28 06:59 AEDT by petesea
Modified: 2011-01-24 12:33 AEDT (History)
2 users (show)

See Also:

Attachments
/home/djm/ssh-undebug-post-fork.diff (548 bytes, patch)
2010-11-24 11:54 AEDT, Damien Miller 		dtucker: ok+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description petesea 2010-02-28 06:59:29 AEDT 
A server started with debugging options (eg "sshd -e -ddd -p4242") will print debug and "Environment" messages on the client:

   $ ssh -p4242 127.0.0.1 'date'
   Environment:
     USER=...
     LOGNAME=...
     HOME=...
     PATH=...
     MAIL=...
     SHELL=...
     SSH_CLIENT=...
     SSH_CONNECTION=...
   debug3: channel 0: close_fds r -1 w -1 e -1 c -1
   Sat Feb 27 11:52:32 PST 2010

It's often useful to start a debug server to help track down problems without interfering with the client... and those extra client-side debug and "Environment" messages can cause issues for things that indirectly run ssh (like cvs and svn) if they aren't expecting the output.
Comment 1 Darren Tucker 2010-04-09 14:19:47 AEST 
You can prevent (most of this) by specifying -e to sshd, eg:

/usr/local/sbin/sshd -De -o loglevel=debug3 -p 2022

however it looks like there's an extra debug that didn't used to be there.

$ ssh -p 2022 localhost
Last login: Fri Apr  9 13:23:49 2010 from ...
debug3: channel 0: close_fds r -1 w -1 e -1
$
Comment 2 petesea 2010-04-10 03:13:42 AEST 
(In reply to comment #1)
> You can prevent (most of this) by specifying -e to sshd, eg:
> 
> /usr/local/sbin/sshd -De -o loglevel=debug3 -p 2022

This is true, BUT -D is not the same thing as -d.   The reason I'm using -d is so the server only runs one time and then exits.  This doesn't happen with -D.   And as you point out, even with -D -ologlevel=debug3, there is still a debug3 message generated on the client.

Running -d or -dd will generate the "Environment" message on the client, which is actually more troublesome then the "debug" message generated with -ddd, because it's not an obvious debug message.

I'd be happy to supply a patch for this, but I'm at a loss as to why the "Environment" and errant "debug3" messages are generated on the client.  How does setting debug on the server trigger debug on the client, but only for some messages?   Does it have to do with when the message is printed with regards to the creation of the tunnel?

The "Environment" message appears to be coming from session.c line 1299 (as of CVS 2010-04-09).  That code is wrapped with "if (debug_flag)".  The "debug3" message appears to come from channels.c line 375.  How is checking the debug_flag and/or calling the debug3() function different at those points then another other point in the code?
Comment 3 Damien Miller 2010-11-24 11:54:42 AEDT 
Created attachment 1965 [details]
/home/djm/ssh-undebug-post-fork.diff

quell debug that appears post-session fork
Comment 4 Damien Miller 2010-11-24 12:28:11 AEDT 
Printing the environment is intentional, since it is useful in debugging the server and getting it out of the server's own debug output would require quite a bit of rearrangement.

The just-attached patch to quell the spurious close_fds debug message has been committed and will be in 5.7. I'd recommend using "sshd -DeoLoglevel=debug3" when you want to run a debug server that doesn't alter client behaviour in any way.
Comment 5 Damien Miller 2011-01-24 12:33:51 AEDT 
Move resolved bugs to CLOSED after 5.7 release