[Bro-Dev] [JIRA] (BIT-1498) add '-q' to ssh execution in ssh_runner.py

Jon Schipp (JIRA) jira at bro-tracker.atlassian.net
Fri Mar 11 08:30:00 PST 2016


    [ https://bro-tracker.atlassian.net/browse/BIT-1498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=24804#comment-24804 ] 

Jon Schipp commented on BIT-1498:
---------------------------------

I think the ssh messages are helpful in debugging problems, but you're right, we probably don't want to see the banner.

Some notes:
The banner prints when sshd_config is set to use the Banner option. Banner happens before authentication. The motd is not printed when the PrintMotd option is used.

root@manager:~# broctl start
starting manager ...
starting proxy-1 ...
starting worker-1 ...
starting worker-2 ...

This BANNER is displaying /etc/issue.net
Ubuntu 14.04.1 LTS

Stopping sshd on node1 will show the banner and the informational ssh messages:
root@manager:~# broctl start
manager still running
proxy-1 still running
ssh: connect to host 10.1.1.20 port 22: Connection refused
This BANNER is displaying /etc/issue.net
Ubuntu 14.04.1 LTS
Error: cannot connect to worker-1
worker-2 still running

Stopping sshd on node1 while -q is set in ssh_runner.py yields an "Error: cannot connect", not the ssh errors:
root@manager:~# broctl start
...
Error: cannot connect to worker-1
worker-2 still running

Shutting down the node will yield:
root@manager:~# broctl start
...
ssh: connect to host 10.1.1.20 port 22: No route to host
Error: cannot connect to worker-1

> add '-q' to ssh execution in ssh_runner.py
> ------------------------------------------
>
>                 Key: BIT-1498
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1498
>             Project: Bro Issue Tracker
>          Issue Type: Patch
>          Components: BroControl
>    Affects Versions: 2.4
>            Reporter: scampbell
>            Assignee: Jon Schipp
>            Priority: Trivial
>              Labels: broctl
>             Fix For: 2.5
>
>
> When using broctl in an environment with login banners, they will be displayed in the broctl command.  In the event that they cannot be configured away on the sshd end, using '-q' avoids displaying the banner on the client side.
> The patch is trivial:
> --- a/BroControl/ssh_runner.py
> +++ b/BroControl/ssh_runner.py
> @@ -108,6 +108,7 @@ class SSHMaster:
>          self.base_cmd = [
>              "ssh",
>              "-o", "BatchMode=yes",
> +            "-q",
>              host,
>          ]
>          self.need_connect = True
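
Review bot: The unconditional "-q" added to base_cmd silences more than the login banner: per the comment above, with it set a stopped sshd yields only "Error: cannot connect to worker-1" and the "ssh: connect to host ... Connection refused" line is lost, which removes the detail needed to debug connection failures. Consider "-o", "LogLevel=ERROR" instead, which in OpenSSH hides the banner while still printing errors, or make the quiet flag opt-in through a broctl option. Either way, a short comment beside the entry saying why it is there would help.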



--
This message was sent by Atlassian JIRA
(v7.2.0-OD-03-014#72000)