Bug 2936 - ssh tries to use empty $SSH_AUTH_SOCK
Summary: ssh tries to use empty $SSH_AUTH_SOCK
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: 7.9p1
Hardware: Other Linux
: P5 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_8_0
  Show dependency treegraph
 
Reported: 2018-11-29 23:50 AEDT by Pierre Ossman
Modified: 2021-10-14 01:41 AEDT (History)
3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Pierre Ossman 2018-11-29 23:50:37 AEDT 
If you do this:

> $ SSH_AUTH_SOCK= ssh foo@bar

Then ssh will try to connect to an agent at address "\0\0\0\0....", which is a perfectly legal abstract socket address on Linux.

This was discovered by the fact that irqbalance 1.5.0 happens to listen to that address:

https://github.com/Irqbalance/irqbalance/issues/85

The end result is that ssh hangs as it tries to talk to irqbalance, believing it is an SSH agent.


This is a very confusing behaviour and I would have expected an empty $SSH_AUTH_SOCK to be treated the same as if it was not set at all.
Comment 1 Jakub Jelen 2018-11-30 01:10:29 AEDT 
The following patch should take care of this:

diff --git a/authfd.c b/authfd.c
index ecdd869a..972f1b5f 100644
--- a/authfd.c
+++ b/authfd.c
@@ -94,7 +94,7 @@ ssh_get_authentication_socket(int *fdp)
 		*fdp = -1;
 
 	authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
-	if (!authsocket)
+	if (!authsocket || authsocket[0] == '\0')
 		return SSH_ERR_AGENT_NOT_PRESENT;
 
 	memset(&sunaddr, 0, sizeof(sunaddr));
Comment 2 Damien Miller 2018-12-07 13:11:32 AEDT 
Fix committed - this will be in OpenSSH 8.0
Comment 3 Damien Miller 2021-04-23 15:09:59 AEST 
closing resolved bugs as of 8.6p1 release
Comment 4 Ahmed Sayeed 2021-10-14 01:41:59 AEDT 
[spam removed]