Skip to content

fix: resolve server panic and auth failure on client connection#185

Merged
inureyes merged 1 commit intomainfrom
fix/server-connection-panic
Apr 16, 2026
Merged

fix: resolve server panic and auth failure on client connection#185
inureyes merged 1 commit intomainfrom
fix/server-connection-panic

Conversation

@inureyes
Copy link
Copy Markdown
Member

@inureyes inureyes commented Apr 16, 2026

Summary

Fix two critical bugs that caused bssh-server to crash or reject every client connection since v2.0.1:

  • Panic on connect: new_client_with_addr called block_on() inside the tokio async runtime to check the auth rate limiter ban list, causing an immediate panic ("Cannot start a runtime from within a runtime"). Added AuthRateLimiter::try_is_banned() using non-blocking RwLock::try_read().

  • Auth success → reject: All SshHandler constructors created a local SessionInfo that was never registered with SessionManager. After pubkey/password verification succeeded, authenticate_session() returned SessionNotFound, rejecting the client. Fixed by deferring session creation to the auth flow via SessionManager::create_session().

Test plan

  • 429 unit tests pass (21 binary + 408 library)
  • 33-item integration test suite with system SSH client — all pass
    • Basic exec (echo, whoami, pwd, uname, date, id, ls)
    • Exit code propagation (0, 1, 42, true, false)
    • Pipes (echo|cat, seq|wc, echo|grep, cat|head)
    • Stdin forwarding
    • Large output (seq 1000, yes 500)
    • Security metachar rejection (&&, ;, $HOME, $(), backtick → exit 126)
    • Nonexistent command (exit 127)
    • Rapid sequential connections (5x)
    • Host key algorithm selection (ed25519, rsa-sha2-256)
  • Server survives all tests without crash
  • Graceful shutdown (SIGTERM/SIGINT) works
  • All subcommands work (version, gen-config, gen-host-key, check-config)

@inureyes
fix: resolve server panic and auth failure on client connection
9b1191d 
Fix two bugs that caused bssh-server to crash or reject authenticated
clients on every incoming connection:

1. block_on panic in async runtime: new_client_with_addr (sync trait)
   called Handle::block_on(is_banned()) inside the tokio runtime,
   triggering "Cannot start a runtime from within a runtime". Replaced
   with a non-blocking try_is_banned() using RwLock::try_read().

2. Session not registered with SessionManager: All SshHandler
   constructors initialized session_info with a local SessionInfo that
   was never inserted into SessionManager's sessions map. This caused
   authenticate_session() to return SessionNotFound after successful
   key/password verification. Fixed by initializing session_info as
   None and creating sessions through SessionManager during auth.
@inureyes inureyes added type:bug Something isn't working status:review Under review priority:critical Requires immediate attention labels Apr 16, 2026
@inureyes inureyes merged commit 5a4a514 into main Apr 16, 2026
2 checks passed
@inureyes inureyes deleted the fix/server-connection-panic branch April 16, 2026 15:28
@inureyes inureyes added status:done Completed and removed status:review Under review labels Apr 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

priority:critical Requires immediate attention status:done Completed type:bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@inureyes