From owner-freebsd-stable@FreeBSD.ORG Sat Jun 14 17:55:20 2003 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E08BA37B404 for ; Sat, 14 Jun 2003 17:55:20 -0700 (PDT) Received: from rsmba.biz (evrtwa1-ar19-4-41-130-089.evrtwa1.dsl-verizon.net [4.41.130.89]) by mx1.FreeBSD.org (Postfix) with SMTP id 0E72543FAF for ; Sat, 14 Jun 2003 17:55:20 -0700 (PDT) (envelope-from rschi@rsmba.biz) Received: (qmail 379 invoked from network); 15 Jun 2003 00:52:45 -0000 Received: from localhost (HELO foghorn.rsmba.biz) (127.0.0.1) by localhost with SMTP; 15 Jun 2003 00:52:45 -0000 Date: Sat, 14 Jun 2003 17:52:45 -0700 From: Richard Schilling To: freebsd-stable@freebsd.org Message-ID: <20030615005245.GC357@foghorn.rsmba.biz> References: <20030614053608.GB8466@laptop.lambertfam.org> Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset=ISO-8859-15 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20030614053608.GB8466@laptop.lambertfam.org>; from lambert@lambertfam.org on Fri, Jun 13, 2003 at 22:36:08 -0700 X-Mailer: Balsa 1.4.4 Lines: 79 Subject: Re: sshd refusing connections problem X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Jun 2003 00:55:21 -0000 Do you notice wether or not it takes a certain number of connections for the bug to show up? I'm not seeing this problem with just a few people connecting via sftp (about 2-4 times per week). --Richard On 2003.06.13 22:36 Scott Lambert wrote: > We have been having a problem with sshd on our shell server. > > This has been happening since March 4, 2003 or before IIRC. Initially > I > thought the next OS upgrade, to 4.8 would fix this. I am accustomed > to > haveing little things go away in a month or two. > > I think we jumped to 4.7-STABLE on Feb 28, 2003. Some exploit fix > wasn't being MFSd to RELENG_4_7 fast enough for my nerves (cvsd?). It > was last upgraded to FreeBSD 4.8-RELEASE #8: Mon Mar 31 22:13:07 EST > 2003, RELENG_4_8. > > sshd regularly stops accepting new connections. There is never > anything > in the logs. This time the last connection before sshd stopped taking > new connections was the user, lets call him "bob" who always manages > to > leave a lot of processes with the title of "sshd: bob [priv] (sshd)". > Bob currently has 35 of those processes up. > > Jun 13 19:17:55 shell sshd[39482]: Accepted password for bob from > 10.321.321.321 port 3616 > Jun 13 20:28:01 shell sshd[72401]: Received SIGHUP; restarting. > Jun 13 20:28:02 shell sshd[41220]: Server listening on 0.0.0.0 port > 22. > Jun 13 21:06:49 shell sshd[42072]: Accepted publickey for scott from > 68.160.236.249 > > Obviously, I faked the IP for "bob". > > I consoled in this time and hooked up truss to the server PID. I was > running: > > while true ; do /usr/bin/ssh shell.example.com; done; > > Thinking that if it were a file handle problem, I might accidentally > get in if I caught it as an active user logged out. It was closing > the > connection as soon as it was made (TCP handshake). I have, umm, lost > the error messages I was seeing on my side. Hopefully the truss > output > will be sufficient. My ssh client never got far enough to negotiate a > key with the server. > > Truss output is at : > > http://www.lambertfam.org/~lambert/sshd_problem/truss_sshd > > netstat -an | grep '\.22 ' output is at : > > http://www.lambertfam.org/~lambert/sshd_problem/netstat-an_sshd > > Faked the first two octets of the other users' IPs. > > Once I -HUP the sshd process and it forks a new daemon, everything is > ok > for another week or two. > > -- > Scott Lambert KC5MLE Unix > SysAdmin > lambert@lambertfam.org > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to > "freebsd-stable-unsubscribe@freebsd.org" > >