From owner-freebsd-stable@FreeBSD.ORG  Fri Jul 11 03:37:51 2003
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id ED75737B401
	for <freebsd-stable@freebsd.org>;
	Fri, 11 Jul 2003 03:37:51 -0700 (PDT)
Received: from mailhost.xciv.org (vantage.xciv.org [217.158.13.13])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2A34B43FB1
	for <freebsd-stable@freebsd.org>;
	Fri, 11 Jul 2003 03:37:51 -0700 (PDT)	(envelope-from paul@xciv.org)
Received: from localhost ([127.0.0.1] helo=xciv.org)
	by mailhost.xciv.org with esmtp
	id 19avHf-000LwP-00; Fri, 11 Jul 2003 11:37:47 +0100
To: freebsd-stable@freebsd.org
Organization: XCIV, London UK
Date: Fri, 11 Jul 2003 11:37:47 +0100
Message-ID: <84344.1057919867@xciv.org>
From: Paul Civati <paul@xciv.org>
Subject: SSH/v1 dead processes bug
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: paul@xciv.org
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jul 2003 10:37:52 -0000


Should I submit this as a proper bug, or will someone look at it?

Basically, between 4.7-REL and 4.8-REL ssh was upgraded and now exhibits
the following bug.

If you connect with protocol v1 you get three ssh processes, one of
which never dies, even after the ssh session has been closed.

% ps aux | grep ssh
root      219  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: paul [priv
root      265  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: paul [priv
root      580  0.0  0.3  2592  640  ??  Is   Wed09PM   0:01.54 /usr/sbin/sshd
root      584  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: root [priv
root      592  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: root [priv
root     1687  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: root [priv
root     5077  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: root [priv
root    40458  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: paul [priv
root    40467  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: paul [priv
root    41042  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: paul [priv
root    79545  0.0  0.6  5292 1568  ??  I    10:33AM   0:00.03 sshd: paul [priv
root    79547  0.0  0.6  4076 1532  ??  I    10:33AM   0:00.00 sshd: paul [priv
paul    79548  0.0  0.7  5292 1656  ??  S    10:33AM   0:00.41 sshd: paul@ttyp0
root    80170  0.0  0.7  5292 1624  ??  I    11:07AM   0:00.03 sshd: paul [priv
root    80172  0.0  0.6  4076 1592  ??  I    11:07AM   0:00.00 sshd: paul [priv
paul    80173  0.0  0.8  5292 2044  ??  I    11:07AM   0:00.01 sshd: paul@ttypc
root    80290  0.0  0.7  5292 1644  ??  I    11:12AM   0:00.02 sshd: paul [priv
paul    80319  0.0  0.7  5292 1704  ??  I    11:14AM   0:00.01 sshd: paul@ttypd

You'll see the dead ssh processes without any timestamp, two open v1
connections with thee processes, and one v2 connection with just two
processes.

The nasty problem with this I've found is that once you reach a certain
number of these dead processes lying around, ssh seems to start refusing
connections with:

ssh_exchange_identification: Connection closed by remote host

-Paul-