# HG changeset patch # User Matt Johnston # Date 1634570408 -28800 # Node ID 5c13e765ddbd2b19e25b564af7e56698814e71d0 # Parent ce17be95a42aa5189ac3935b3acc143be00e6964 Only redirect stderr after the session login. That lets errors get recorded on the server parent side, rather than being sent over a SSH connection. diff -r ce17be95a42a -r 5c13e765ddbd svr-chansession.c --- a/svr-chansession.c Mon Oct 18 15:17:14 2021 +0800 +++ b/svr-chansession.c Mon Oct 18 23:20:08 2021 +0800 @@ -841,20 +841,28 @@ pty_make_controlling_tty(&chansess->slave, chansess->tty); if ((dup2(chansess->slave, STDIN_FILENO) < 0) || - (dup2(chansess->slave, STDERR_FILENO) < 0) || (dup2(chansess->slave, STDOUT_FILENO) < 0)) { TRACE(("leave ptycommand: error redirecting filedesc")) return DROPBEAR_FAILURE; } - close(chansess->slave); - /* write the utmp/wtmp login record - must be after changing the - * terminal used for stdout with the dup2 above */ + * terminal used for stdout with the dup2 above, otherwise + * the wtmp login will not be recorded */ li = chansess_login_alloc(chansess); login_login(li); + dropbear_log(LOG_WARNING, "bad thing happened"); login_free_entry(li); + /* Can now dup2 stderr. Messages from login_login() have gone + to the parent stderr */ + if (dup2(chansess->slave, STDERR_FILENO) < 0) { + TRACE(("leave ptycommand: error redirecting filedesc")) + return DROPBEAR_FAILURE; + } + + close(chansess->slave); + #if DO_MOTD if (svr_opts.domotd && !chansess->cmd) { /* don't show the motd if ~/.hushlogin exists */