Date: Sat, 14 Jun 2003 17:52:45 -0700 From: Richard Schilling <rschi@rsmba.biz> To: freebsd-stable@freebsd.org Subject: Re: sshd refusing connections problem Message-ID: <20030615005245.GC357@foghorn.rsmba.biz> In-Reply-To: <20030614053608.GB8466@laptop.lambertfam.org>; from lambert@lambertfam.org on Fri, Jun 13, 2003 at 22:36:08 -0700 References: <20030614053608.GB8466@laptop.lambertfam.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Do you notice wether or not it takes a certain number of connections for the bug to show up? I'm not seeing this problem with just a few people connecting via sftp (about 2-4 times per week). --Richard On 2003.06.13 22:36 Scott Lambert wrote: > We have been having a problem with sshd on our shell server. > > This has been happening since March 4, 2003 or before IIRC. Initially > I > thought the next OS upgrade, to 4.8 would fix this. I am accustomed > to > haveing little things go away in a month or two. > > I think we jumped to 4.7-STABLE on Feb 28, 2003. Some exploit fix > wasn't being MFSd to RELENG_4_7 fast enough for my nerves (cvsd?). It > was last upgraded to FreeBSD 4.8-RELEASE #8: Mon Mar 31 22:13:07 EST > 2003, RELENG_4_8. > > sshd regularly stops accepting new connections. There is never > anything > in the logs. This time the last connection before sshd stopped taking > new connections was the user, lets call him "bob" who always manages > to > leave a lot of processes with the title of "sshd: bob [priv] (sshd)". > Bob currently has 35 of those processes up. > > Jun 13 19:17:55 shell sshd[39482]: Accepted password for bob from > 10.321.321.321 port 3616 > Jun 13 20:28:01 shell sshd[72401]: Received SIGHUP; restarting. > Jun 13 20:28:02 shell sshd[41220]: Server listening on 0.0.0.0 port > 22. > Jun 13 21:06:49 shell sshd[42072]: Accepted publickey for scott from > 68.160.236.249 > > Obviously, I faked the IP for "bob". > > I consoled in this time and hooked up truss to the server PID. I was > running: > > while true ; do /usr/bin/ssh shell.example.com; done; > > Thinking that if it were a file handle problem, I might accidentally > get in if I caught it as an active user logged out. It was closing > the > connection as soon as it was made (TCP handshake). I have, umm, lost > the error messages I was seeing on my side. Hopefully the truss > output > will be sufficient. My ssh client never got far enough to negotiate a > key with the server. > > Truss output is at : > > http://www.lambertfam.org/~lambert/sshd_problem/truss_sshd > > netstat -an | grep '\.22 ' output is at : > > http://www.lambertfam.org/~lambert/sshd_problem/netstat-an_sshd > > Faked the first two octets of the other users' IPs. > > Once I -HUP the sshd process and it forks a new daemon, everything is > ok > for another week or two. > > -- > Scott Lambert KC5MLE Unix > SysAdmin > lambert@lambertfam.org > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to > "freebsd-stable-unsubscribe@freebsd.org" > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030615005245.GC357>