
Re: SSH channels



Phil Shafer <phil@juniper.net> wrote:
> Martin Bjorklund writes:
> >In draft-ietf-netconf-ssh-05.txt, section 5 implies that multiple
> >channels are not supported (at least not very cleanly), since it
> >explicitly states that when an agent receives a <close-session>, it
> >shall terminate the SSH session and the TCP connection.
> 
> I don't see this.  Section 3 of draft-ietf-netconf-ssh-06.txt reads:
> 
>    After the ssh-connection service is established, the client will open
>    a channel of type "session", which will result in an SSH session.
> 
> So the "SSH session" refers to the SSH channel of type "session".

You're right.  I looked at an old version of the draft...  sorry about
that.

Furthermore, section 5 says:

   To continue the example used in previous sections, an existing
   NETCONF subsystem session could be closed as follows:
           ^^^^^^^^^^^^^^^^^

> Then in Section 5, we have:
> 
>    ... When the agent processes a <close-session>
>    command, the agent shall respond and terminate the SSH session.  The
>    agent MUST NOT process any RPC commands received on the current
>    session after the <close-session> command.
> 
> If you see the use of netconf over a distinct channel as a distinct
> netconf session, then the close-session on one would not affect the
> other.  You get this for free with openssh, since the ssh daemon spawns
> the subsystem as a child process, cleaning up when all children have
> been reaped.  If you start two netconf subsystems, sshd will continue
> until both have died.
> 
> The other reading would mean that <close-session> would need to kill
> the parent sshd.  Even so, if the only thing blocking this is the close
> RPC, we could fix the close RPC.

So, I also think that the draft should be read as mapping one SSH
channel to one NETCONF session.

(Which, as you pointed out, makes it easier to use OpenSSH, since this
is its default behaviour.)


/martin
