Re: SSH channels

[Phil Shafer <phil@juniper.net>]

Martin Bjorklund writes:
>In draft-ietf-netconf-ssh-05,txt, section 5 implies that multiple
>channels are not supported (at least not very cleanly), since it
>explicitly states that when an agent receives a <close-session>, it
>shall terminate the SSH session and the TCP connection.

I don't see this.  Section 3 of draft-ietf-netconf-ssh-06.txt reads:

   After the ssh-connection service is established, the client will open
   a channel of type "session", which will result in an SSH session.

So the "SSH session" refers to the SSH channel of type "session".

Then in Section 5, we have:

   ... When the agent processes a <close-session>
   command, the agent shall respond and terminate the SSH session.  The
   agent MUST NOT process any RPC commands received on the current
   session after the <close-session> command.

If you see the use of netconf over a distinct channel as a distinct
netconf session, then the close-session on one would not affect the
other.  You get this for free with openssh, since the ssh daemon spawns
the subsystem as a child process, cleaning up when all children have
been reaped.  If you start two netconf subsystems, sshd will continue
until both have died.

The other reading would mean that <close-session> would need to kill
the parent sshd.  Even so, if the only thing blocking this is the close
RPC, we could fix the close RPC.

Thanks,
 Phil

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>