From: Daniel Kahn Gillmor Date: Wed, 10 Sep 2008 20:30:06 +0000 (-0400) Subject: renamed cssh bug -- we know these are all monkeysphere bugs, so they do not all need... X-Git-Tag: monkeysphere_0.16-1~81 X-Git-Url: https://codewiz.org/gitweb?a=commitdiff_plain;h=0c63107a90d9fcb43f78fdd47c041c35ac4599df;p=monkeysphere.git renamed cssh bug -- we know these are all monkeysphere bugs, so they do not all need to start with "monkeysphere". --- diff --git a/website/bugs/cssh-connection-timeout.mdwn b/website/bugs/cssh-connection-timeout.mdwn new file mode 100644 index 0000000..073b0cf --- /dev/null +++ b/website/bugs/cssh-connection-timeout.mdwn @@ -0,0 +1,73 @@ +[[meta title="Monkeysphere interferes with clusterssh"]] + +clusterssh is a package that allows you to control multiple ssh xterm +sessions at the same time. + +When the monkeysphere-ssh-proxycommand is enabled and I launch 5 or more +cssh sessions, intermittently one or two out of every five will fail +with: Connection timed out during banner exchange. + +I tried to debug by running: + + MONKEYSPHERE_LOG_LEVEL=debug cssh -D -d etc. + +However, while it produced some private data, it didn't give me any +insight into what was going wrong. Also, it didn't output any +Monkeysphere debugging info. + +I had no luck with google and the error message being output. + +This isn't a huge priority (it's not hard to disable the +monkeysphere-ssh-proxycommand before running cssh), however, it would be +nice to figure out why it's not working. + +--- + +What do you mean by "produced some private data" when you set the log +level to DEBUG? Monkeysphere does not output any "private" data in +the sense of private keys or passwords or anything like that. Maybe +you mean the cssh debug mode outputs private data? or do you just +mean "info that you don't want to post here"? It might be useful to +see some output, so maybe you could just block out the nasty bits? +But I'm not sure it will help. + +The problem may be due to the locking of the known\_hosts file while +the proxycommand is running. At the moment, the +monkeysphere-ssh-proxycommand can only be run serially, since each +invocation will lock the known\_hosts file while it updates it. I +think this is required, since we obviously can't have two invocations +modifying the file at the same time. However, it's probably possible +to decrease the amount of time it takes to update the file. It's not +done very efficiently at the moment. The file is locked basically at +the very begining, and is locked while all gpg interactions are done, +which are slow. I think it should be possible to take the gpg +interactions out of the loop. + +I just tried cssh and it doesn't seem to work very well with my ssh +setup at all. For instance, the simultaneous ssh connections cause +simultaneous calls to the agent to get my permission to use the key, +which don't interact very well with each other. This of course is not +a monkeysphere problem but a general problem with trying to make +simultaneous ssh connections with an agent that want key use +confirmation. + +-- jrollins + +--- + +I can get cssh to work fine with a confirmation-required agent if i +turn off the monkeysphere proxycommand: + + cssh -l username -o '-oProxyCommand=none' $(cat hostlist.txt) + +with the proxycommand, i definitely get the "Connection timed out +during banner exchange" message. + +However, i'm also able to get the cssh connection to work if i assert +that a longer connection timeout is acceptable: + + cssh -l username -o '-oConnectTimeout=30' $(cat hostlist.txt) + +Perhaps this is an acceptable workaround? + +-- dkg diff --git a/website/bugs/monkeysphere-interferes-with-cssh.mdwn b/website/bugs/monkeysphere-interferes-with-cssh.mdwn deleted file mode 100644 index 073b0cf..0000000 --- a/website/bugs/monkeysphere-interferes-with-cssh.mdwn +++ /dev/null @@ -1,73 +0,0 @@ -[[meta title="Monkeysphere interferes with clusterssh"]] - -clusterssh is a package that allows you to control multiple ssh xterm -sessions at the same time. - -When the monkeysphere-ssh-proxycommand is enabled and I launch 5 or more -cssh sessions, intermittently one or two out of every five will fail -with: Connection timed out during banner exchange. - -I tried to debug by running: - - MONKEYSPHERE_LOG_LEVEL=debug cssh -D -d etc. - -However, while it produced some private data, it didn't give me any -insight into what was going wrong. Also, it didn't output any -Monkeysphere debugging info. - -I had no luck with google and the error message being output. - -This isn't a huge priority (it's not hard to disable the -monkeysphere-ssh-proxycommand before running cssh), however, it would be -nice to figure out why it's not working. - ---- - -What do you mean by "produced some private data" when you set the log -level to DEBUG? Monkeysphere does not output any "private" data in -the sense of private keys or passwords or anything like that. Maybe -you mean the cssh debug mode outputs private data? or do you just -mean "info that you don't want to post here"? It might be useful to -see some output, so maybe you could just block out the nasty bits? -But I'm not sure it will help. - -The problem may be due to the locking of the known\_hosts file while -the proxycommand is running. At the moment, the -monkeysphere-ssh-proxycommand can only be run serially, since each -invocation will lock the known\_hosts file while it updates it. I -think this is required, since we obviously can't have two invocations -modifying the file at the same time. However, it's probably possible -to decrease the amount of time it takes to update the file. It's not -done very efficiently at the moment. The file is locked basically at -the very begining, and is locked while all gpg interactions are done, -which are slow. I think it should be possible to take the gpg -interactions out of the loop. - -I just tried cssh and it doesn't seem to work very well with my ssh -setup at all. For instance, the simultaneous ssh connections cause -simultaneous calls to the agent to get my permission to use the key, -which don't interact very well with each other. This of course is not -a monkeysphere problem but a general problem with trying to make -simultaneous ssh connections with an agent that want key use -confirmation. - --- jrollins - ---- - -I can get cssh to work fine with a confirmation-required agent if i -turn off the monkeysphere proxycommand: - - cssh -l username -o '-oProxyCommand=none' $(cat hostlist.txt) - -with the proxycommand, i definitely get the "Connection timed out -during banner exchange" message. - -However, i'm also able to get the cssh connection to work if i assert -that a longer connection timeout is acceptable: - - cssh -l username -o '-oConnectTimeout=30' $(cat hostlist.txt) - -Perhaps this is an acceptable workaround? - --- dkg