fix(console): skip extra newline after username in login_stage_2()#23295
Merged
StormLiangMS merged 1 commit intosonic-net:masterfrom Mar 26, 2026
Merged
Conversation
Collaborator
|
/azp run |
github-actions
bot
requested review from
bingwang-ms,
matthew-soulsby and
xwjiang-ms
|
Azure Pipelines successfully started running 1 pipeline(s). |
lipxu
force-pushed
the
fix/console-login-extra-newline
branch
from
4b78112 to
f96255f
Compare
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
lipxu
force-pushed
the
fix/console-login-extra-newline
branch
from
f96255f to
db8af0e
Compare
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
The login loop in SSHConsoleConn.login_stage_2() sends an unconditional write_channel(RETURN) at the bottom of every iteration. After the username is sent and user_sent is set to True, the loop falls through to this write_channel, sending a blank newline to the DUT before the Password: prompt is read. The DUT receives the blank newline as the password input, causing authentication to fail. Linux pam_faildelay then enforces a 3-second delay before responding with Login incorrect. The test framework times out within this 3-second window, closes the connection, and retries - all three attempts fail the same way. Fix: add continue after user_sent = True so the loop restarts at the top and waits for the Password: prompt before taking any further action. Root cause confirmed via live manual test on bjw-can-7060-1: - Sending empty Enter at Password: prompt -> 3-second silence -> Login incorrect - Normal login with correct password succeeds in under 1 second - Pass rate of dut_console/test_escape_character.py was 2.6% due to this race Signed-off-by: Liping Xu <xuliping@microsoft.com>
lipxu
force-pushed
the
fix/console-login-extra-newline
branch
from
db8af0e to
b5cf26f
Compare
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
yxieca
approved these changes
Mar 26, 2026
Collaborator
yxieca
left a comment
yxieca
left a comment
There was a problem hiding this comment.
AI agent on behalf of Ying. Reviewed; no issues found.
StormLiangMS
added
the
Request for 202511 branch
12 tasks
mssonicbld
pushed a commit
to mssonicbld/sonic-mgmt
that referenced
this pull request
Mar 26, 2026
…onic-net#23295) The login loop in SSHConsoleConn.login_stage_2() sends an unconditional write_channel(RETURN) at the bottom of every iteration. After the username is sent and user_sent is set to True, the loop falls through to this write_channel, sending a blank newline to the DUT before the Password: prompt is read. The DUT receives the blank newline as the password input, causing authentication to fail. Linux pam_faildelay then enforces a 3-second delay before responding with Login incorrect. The test framework times out within this 3-second window, closes the connection, and retries - all three attempts fail the same way. Fix: add continue after user_sent = True so the loop restarts at the top and waits for the Password: prompt before taking any further action. Root cause confirmed via live manual test on bjw-can-7060-1: - Sending empty Enter at Password: prompt -> 3-second silence -> Login incorrect - Normal login with correct password succeeds in under 1 second - Pass rate of dut_console/test_escape_character.py was 2.6% due to this race Signed-off-by: Liping Xu <xuliping@microsoft.com> Signed-off-by: mssonicbld <sonicbld@microsoft.com>
Collaborator
|
Cherry-pick PR to 202511: #23362 |
2 tasks
ravaliyel
pushed a commit
to ravaliyel/sonic-mgmt
that referenced
this pull request
Mar 27, 2026
…onic-net#23295) The login loop in SSHConsoleConn.login_stage_2() sends an unconditional write_channel(RETURN) at the bottom of every iteration. After the username is sent and user_sent is set to True, the loop falls through to this write_channel, sending a blank newline to the DUT before the Password: prompt is read. The DUT receives the blank newline as the password input, causing authentication to fail. Linux pam_faildelay then enforces a 3-second delay before responding with Login incorrect. The test framework times out within this 3-second window, closes the connection, and retries - all three attempts fail the same way. Fix: add continue after user_sent = True so the loop restarts at the top and waits for the Password: prompt before taking any further action. Root cause confirmed via live manual test on bjw-can-7060-1: - Sending empty Enter at Password: prompt -> 3-second silence -> Login incorrect - Normal login with correct password succeeds in under 1 second - Pass rate of dut_console/test_escape_character.py was 2.6% due to this race Signed-off-by: Liping Xu <xuliping@microsoft.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
SSHConsoleConn.login_stage_2()has an unconditionalwrite_channel(self.RETURN)at the bottom of every loop iteration. After sending the username, the next loop iteration reads the terminal echo of the username ("admin"), which matches neither the login-prompt pattern nor the Password-prompt pattern — so allifbranches are skipped and the unconditionalwrite_channel(RETURN)fires, sending a blank newline to the DUT beforePassword:is shown.The DUT receives the blank newline as the password → authentication fails → Linux
pam_faildelayenforces a 3-second mandatory delay → the test framework times out → socket closes. All 3 retry attempts fail the same way.dut_console/test_escape_character.pyhad a 2.6% pass rate (out of 11,323 runs over 30 days) due to this bug. Rare passes happen only when network timing causes the real password to race ahead of the accidental blank Enter.Root Cause
The loop-bottom
write_channel(self.RETURN)is intended to wake up the terminal when no pattern is matched (e.g., before the login prompt appears). It should only fire while waiting for the username prompt, not after the username has been sent:Fix
Guard the loop-bottom
write_channel(RETURN)so it only fires when still waiting for the username prompt:Verification
Manually confirmed on
bjw-can-7060-1via console (bjw-can-e1031-2, line 27):Password:prompt → ~3 seconds silence → "Login incorrect" (pam_faildelay)pam_faildelay.so delay=3000000Re-run on
vms11-t0-7060-cx32-1with partial fix confirmed the terminal-echo-iteration is the remaining bug (log showedwrite_channel: b'\n'between username and password).https://elastictest.org/scheduler/testplan/69c3c20fa32086e7e883bc08
Type of change
Tested