Bug#734553: ssh-agent: monotonic clock for key lifetime produces unexpected results on laptops

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#734553: ssh-agent: monotonic clock for key lifetime produces unexpected results on laptops
From: Mattthew Gabeler-Lee <cheetah@fastcat.org>
Date: Wed, 08 Jan 2014 00:13:13 -0500
Message-id: <[🔎] 20140108051313.18485.23922.reportbug@bengal.lo>
Reply-to: Mattthew Gabeler-Lee <cheetah@fastcat.org>, 734553@bugs.debian.org

Package: openssh-client
Version: 1:6.4p1-2
Severity: normal

The ssh-agent program I discovered uses the CLOCK_MONOTONIC for determining
key expiration.  I'm not sure if this is new, or if the kernel/libc changed
something in a recent update, or if I simply didn't notice this before, but
I've found it produces some rather unexpected behavior on laptops that go to
sleep.

Example: I'm going to work remotely on a Friday.  I ssh-add -t $((3600*8))
to have the key expire after my work day completes.  I finish after only 6
hours of work, however, and so I put the laptop to sleep.  I wake it up
Monday morning after it's been asleep for over 48 hours, and find that the
key is still in the agent, and will be for 2 hours!

According to some googling and reading, CLOCK_MONOTONIC is not /supposed/ to
work this way regarding suspend time according to the pec, but it seems like
it long (always) has in the Linux kernel (c.f. 
https://lkml.org/lkml/2014/1/1/57 and surrounding thread).

PS: $ uname -a
Linux bengal 3.11-2-amd64 #1 SMP Debian 3.11.10-1 (2013-12-04) x86_64 GNU/Linux

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser           3.113+nmu3
ii  dpkg              1.17.5
ii  libc6             2.17-97
ii  libedit2          3.1-20130712-2
ii  libgssapi-krb5-2  1.11.3+dfsg-3+nmu1
ii  libselinux1       2.2.1-1
ii  libssl1.0.0       1.0.1e-6
ii  passwd            1:4.1.5.1-1
ii  zlib1g            1:1.2.8.dfsg-1

Versions of packages openssh-client recommends:
ii  xauth  1:1.0.7-1

Versions of packages openssh-client suggests:
pn  keychain                              <none>
pn  libpam-ssh                            <none>
pn  monkeysphere                          <none>
ii  openssh-blacklist                     0.4.1+nmu1
ii  openssh-blacklist-extra               0.4.1+nmu1
ii  ssh-askpass-fullscreen [ssh-askpass]  0.3-3.1

-- no debconf information

Reply to:

Prev by Date: Bug#734386: /usr/bin/scp: Hosts from .ssh/config recognized on source or target but not both
Next by Date: Processed: Bug#732966: [openssl] Update to openssl 1.0.1e-5 renders X unusable
Previous by thread: Bug#734386: /usr/bin/scp: Hosts from .ssh/config recognized on source or target but not both
Next by thread: Processed: Bug#732966: [openssl] Update to openssl 1.0.1e-5 renders X unusable
Index(es):
- Date
- Thread