Date: Wed, 19 Mar 2014 11:56:26 -0500 From: Nimrod Levy <n1mr0d@nimrod.is-a-geek.net> To: Kevin Oberman <rkoberman@gmail.com> Cc: Marcelo Gondim <gondim@bsdinfo.com.br>, FreeBSD Stable Mailing List <freebsd-stable@freebsd.org> Subject: Re: sshd with zombie process on FreeBSD 10.0-STABLE - workaround Message-ID: <CAMgUhpoCx3pfzg4ZPb%2BUOfJit3trir68FBjq5yDSJohPPsp24Q@mail.gmail.com> In-Reply-To: <CAN6yY1uucfkdXxkCF30w1Q9vffRpDLxM90Sz1XVbdn5W69vQMg@mail.gmail.com> References: <53016D97.5030909@bsdinfo.com.br> <53066B59.5000709@yandex.ru> <531A6C66.2010101@bsdinfo.com.br> <CAPJF9wnVOYjTXB0A1wyzwvCj-Tvx_u2uYLW72-wDuz-QZpwT4w@mail.gmail.com> <53298445.90706@bsdinfo.com.br> <532994EA.9090300@bsdinfo.com.br> <CAN6yY1uucfkdXxkCF30w1Q9vffRpDLxM90Sz1XVbdn5W69vQMg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I recently ran into a very similar sounding issue on a juniper router
(JunOS is based on FreeBSD) that ended up being a timing issue when the
devices were sending ACKs. Basically, the client tries to close the
session with a FIN, but the server (or in my case, a router) was delaying
sending ACKs and disregarded the FIN. When the client subsequently
received an SSH packet, an RST was sent out from the client and the
connection was closed. The socket on the server remained open and we saw a
similar stuck process.
One workaround was to set
sysctl -w net.inet.tcp.delayed_ack=0
On Wed, Mar 19, 2014 at 11:01 AM, Kevin Oberman <rkoberman@gmail.com> wrote:
> On Wed, Mar 19, 2014 at 6:00 AM, Marcelo Gondim <gondim@bsdinfo.com.br
> >wrote:
>
> > Hi all,
> >
> > While the solution does not appear, did the script below and put it in
> > crontab to automatically delete zombie sshd processes.
> >
> > the_walking_dead.sh:
> >
> > #!/bin/sh
> > kill -9 `ps afx|grep sshd|grep unknown|awk '{print $1}'`
> >
> >
> > Put this in /etc/crontab:
> >
> > 00 1 * * * root the_walking_dead.sh
> >
> >
> If 'kill -9' works, the process is not really a zombie. It simply still has
> a socket open and is waiting for it to be closed before exiting.
>
> You might takes a look at network sockets with sockstat(1) and see if you
> can get any indication of why these sockets are not being closed. It may be
> that the issue is not sshd but some other issue in the OS leaving sockets
> open.
>
> --
> R. Kevin Oberman, Network Engineer, Retired
> E-mail: rkoberman@gmail.com
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAMgUhpoCx3pfzg4ZPb%2BUOfJit3trir68FBjq5yDSJohPPsp24Q>