LTSP5

[PATCH] Bye bye "No response from server" - add ssh error logging

Bug #1325388 reported by Jakob Unterwurzacher
18
This bug affects 4 people
Affects Status Importance Assigned to Milestone
LTSP5
Fix Released
Medium
Jakob Unterwurzacher

Bug Description

This should make debugging login issues somewhat easier.
Patch is attached - commit message reproduced below:

Subject: [PATCH] Bye bye "No response from server" - add ssh error logging

ldm now reads the full output from ssh even if it dies on the way.
Proper error messages are logged and displayed, wrapped in _() so
they can be localized.

Messages we get:
* Permission denied (publickey,password).
  The common case of a password typo or invalid user.
  We make sure we read all the output BEFORE checking if the child has
  died. Also, we handle EINTR, as this is what select() returns when it
  gets SIGCHLD.

* ssh: connect to host server port 22: Connection timed out
  For that to work, ConnectTimeout=10 is set on the ssh command line.
  Otherwise the 30 second timeout elapses before ssh tells us what is
  going on.

* ssh: connect to host server port 22: Connection refused
  That message contains a ": " like the password prompt. This is solved
  by waiting for 200ms of silence before searching for the prompt (polling
  interval reduced from 1s to 200ms to not bore the user).
  In the error case, ssh will have exited in the meantime, and we know
  for sure that it was NOT a password prompt.

Related branches

lp:debian/ldm
Revision history for this message
Jakob Unterwurzacher (jakobunt) wrote :
Vagrant Cascadian (vagrantc)
Changed in ltsp:
importance: Undecided → High
status: New → Confirmed
Revision history for this message
Jakob Unterwurzacher (jakobunt) wrote :

Proposed merge https://code.launchpad.net/~jakobunt/ltsp/ldm-log-v2/+merge/235541

Revision history for this message
Vagrant Cascadian (vagrantc) wrote :

This has been fixed in bzr.

Changed in ltsp:
status: Confirmed → Fix Committed
Revision history for this message
Alkis Georgopoulos (alkisg) wrote :

@jakobunt: this patch adds a 30 seconds delay when the username/password is wrong.
Is it possible to lower it to e.g. 5 seconds?
30 seconds seems like an extremely long time to wait for ssh authentication on LAN...

Revision history for this message
Jakob Unterwurzacher (jakobunt) wrote :

Hmm, the error message should be displayed as soon as SSH prints it out.

Could you post the log of when this happens (/var/log/ldm.log on the thin client)?

Revision history for this message
Alkis Georgopoulos (alkisg) wrote :

Hi Jakob, sorry for not answering for so long, I didn't get a notification mail from launchpad.

Here's the log. The first time it was somewhat OK, but on the second try it took a long time:

Δεκ 5 07:46:04: [ldm] INFO: started on client with IP address: 192.168.67.246
Δεκ 5 07:46:04: [ldm] INFO: calling rc.d init scripts
Δεκ 5 07:46:04: [ldm] INFO: authenticating with backend: ssh
Δεκ 5 07:46:18: [ssh] INFO: calling rc.d pressh scripts
Δεκ 5 07:46:18: [ssh] INFO: ssh_session: ssh -Y -t -M -S /var/run/ldm_socket_2643_server -o NumberOfPasswordPrompts=1 -o ConnectTimeout=10 -l asdf -o Ciphers=arcfour128,aes128-ctr server echo LTSPROCKS; exec /bin/sh -
Δεκ 5 07:46:20: [ssh] ERROR: ssh returned: Permission denied (publickey,password).
Δεκ 5 07:46:25: [ssh] CRITICAL: no response, restarting
Δεκ 5 07:46:27: [ldm] INFO: started on client with IP address: 192.168.67.246
Δεκ 5 07:46:27: [ldm] INFO: calling rc.d init scripts
Δεκ 5 07:46:27: [ldm] INFO: authenticating with backend: ssh
Δεκ 5 09:46:38: [ssh] INFO: calling rc.d pressh scripts
Δεκ 5 09:46:38: [ssh] INFO: ssh_session: ssh -Y -t -M -S /var/run/ldm_socket_2867_server -o NumberOfPasswordPrompts=1 -o ConnectTimeout=10 -l qwer -o Ciphers=arcfour128,aes128-ctr server echo LTSPROCKS; exec /bin/sh -
Δεκ 5 09:47:09: [ssh] ERROR: ssh returned: Permission denied (publickey,password).
Δεκ 5 09:47:14: [ssh] CRITICAL: no response, restarting
Δεκ 5 09:47:16: [ldm] INFO: started on client with IP address: 192.168.67.246
Δεκ 5 09:47:16: [ldm] INFO: calling rc.d init scripts
Δεκ 5 09:47:16: [ldm] INFO: authenticating with backend: ssh

If you cannot reproduce it by simply entering a wrong username/password two times, I can provide a VM for you to test with... you can find me in the #ltsp IRC channel. Or if you have some specific patch, I could test it. Thanks for your work!

Revision history for this message
Alkis Georgopoulos (alkisg) wrote :

Fix released in LDM 2.2.18.

Jacob, please check comment #6 about whether you can reproduce the delay issue that this commit introduced.

Changed in ltsp:
assignee: nobody → Jakob Unterwurzacher (jakobunt)
importance: High → Medium
Alkis Georgopoulos (alkisg)
Changed in ltsp:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.