On Thu, 23 Jan 2020, Damien Miller wrote:
> On Wed, 22 Jan 2020, Stuart Henderson wrote:
>
> > On 2020/01/21 15:39, Damien Miller wrote:
> > > CVSROOT: /cvs
> > > Module name: src
> > > Changes by: d...@cvs.openbsd.org 2020/01/21 15:39:57
> > >
> > > Modified files:
> > > usr.bin/ssh : sshd.c
> > >
> > > Log message:
> > > expose the number of currently-authenticating connections
> > > along with the MaxStartups limit in the proctitle;
> > > suggestion from Philipp Marek, w/ feedback from Craig Miskell
> > > ok dtucker@
> > >
> >
> > It's nice to have this information visible, but it brings some problems.
> > You can't now distinguish between multiple sshd processes (e.g. if you
> > run several on different ports it's hard to figure out which one to
> > signal if needed).
>
> How could you discern between different sshd processes before? Just the
> command-line args?
>
> What information would you like there? We could put the first N listen
> addrs in the proctitle if that would help.
Maybe like this:
63817 ?? S 0:00.05 sshd: [listen] on [0.0.0.0]:22, [::]:22, 0 of 10-100
ok?
diff --git a/sshd.c b/sshd.c
index ec644c9..15014d1 100644
--- a/sshd.c
+++ b/sshd.c
@@ -240,6 +240,9 @@ void destroy_sensitive_data(void);
void demote_sensitive_data(void);
static void do_ssh2_kex(struct ssh *);
+/* Listen info for proctitle */
+static char *proctitle_listen_addr;
+
/*
* Close all listening sockets
*/
@@ -913,7 +916,7 @@ listen_on_addrs(struct listenaddr *la)
{
int ret, listen_sock;
struct addrinfo *ai;
- char ntop[NI_MAXHOST], strport[NI_MAXSERV];
+ char *cp, ntop[NI_MAXHOST], strport[NI_MAXSERV];
for (ai = la->addrs; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
@@ -973,6 +976,15 @@ listen_on_addrs(struct listenaddr *la)
ntop, strport,
la->rdomain == NULL ? "" : " rdomain ",
la->rdomain == NULL ? "" : la->rdomain);
+ if (num_listen_socks < 3) {
+ cp = proctitle_listen_addr;
+ xasprintf(&proctitle_listen_addr, "%s%s[%s]:%s%s%s",
+ cp == NULL ? "" : cp, cp == NULL ? "" : ", ",
+ ntop, strport,
+ la->rdomain == NULL ? "" : " rdomain ",
+ la->rdomain == NULL ? "" : la->rdomain);
+ free(cp);
+ }
}
}
@@ -1030,7 +1042,9 @@ server_accept_loop(int *sock_in, int *sock_out, int
*newsock, int *config_s)
*/
for (;;) {
if (ostartups != startups) {
- setproctitle("[listener] %d of %d-%d startups",
+ setproctitle("[listen] on %s%s, "
+ "%d of %d-%d startups", proctitle_listen_addr,
+ num_listen_socks > 3 ? " [...]" : "",
startups, options.max_startups_begin,
options.max_startups);
ostartups = startups;
