comments? -------------- next part -------------- An embedded message was scrubbed... From: Charles Clancy <mgrtcc at cs.rose-hulman.edu> Subject: Problems on Sparcs Date: Wed, 6 Dec 2000 09:55:41 -0500 (EST) Size: 2913 Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20001206/c7cb5d2a/attachment.mht
One thing I can see is that you are running sshd from inetd through tcp_wrappers. Wouldn't it be preferable to link in libwrap.a and start sshd in /etc/rc3.d ? At 01:57 PM 12/06/2000, Markus Friedl wrote:>comments? >Return-Path: <mgrtcc at cs.rose-hulman.edu> >Received: from faui45.informatik.uni-erlangen.de >(root at faui45.informatik.uni-erlangen.de [131.188.34.45]) > by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with > ESMTP id PAA10287 > for <msfriedl at cip.informatik.uni-erlangen.de>; Wed, 6 Dec 2000 > 15:56:43 +0100 (MET) >Received: from cvs.openbsd.org (IDENT:root at cvs.openbsd.org [199.185.137.3]) > by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with > ESMTP id PAA20410 > for <markus.friedl at informatik.uni-erlangen.de>; Wed, 6 Dec 2000 > 15:56:41 +0100 (MET) >Received: from hermes.cs.rose-hulman.edu (hermes.cs.rose-hulman.edu >[137.112.40.22]) > by cvs.openbsd.org (8.10.1/8.10.1) with ESMTP id eB6EtcD08240 > for <openssh at openssh.com>; Wed, 6 Dec 2000 07:55:38 -0700 (MST) >Received: from skyhawk (skyhawk [137.112.40.33]) > by hermes.cs.rose-hulman.edu (8.11.0/8.11.0) with ESMTP id > eB6EtgV07928 > for <openssh at openssh.com>; Wed, 6 Dec 2000 09:55:42 -0500 (EST) >Date: Wed, 6 Dec 2000 09:55:41 -0500 (EST) >From: Charles Clancy <mgrtcc at cs.rose-hulman.edu> >X-Sender: <mgrtcc at skyhawk> >To: <openssh at openssh.com> >Subject: Problems on Sparcs >Message-ID: <Pine.SUN.4.30.0012060944490.26223-100000 at skyhawk> >MIME-Version: 1.0 >Content-Type: TEXT/PLAIN; charset=US-ASCII > >I compiled OpenSSH 2.3.0p1 for Solaris 7 (32-bit) with OpenSSL 0.95a, with >GCC 2.95.2 (sunfreeware.com binaries). > >We are using OpenSSH because it supports PAM, which is required for our >network, as our workstations run AFS, and very few daemons support >authentication via AFS. > >On our most frequently used Ultra 80 (2x450MHz, 1G RAM), we have been >having problems ever since upgrading from SSH 1.2.27 (w/ PAM patch) to >OpenSSH. Remote SSH connections stop working after about 2 days (sshd is >run from inetd through tcp_wrappers). After 2 days, if you log in >locally, graphical logins will halt. A console text-based login works, >but about half the basic unix commands have problems. For example, a "w" >only returns the first line, and then halts. A "ps -ef" will get about >half way through before getting stuck. A CTRL-C won't get you out of them >either. All you can do is "sync; reboot" from a telnet connection >(tcp_wrappers is configured to allow telnet from one of our servers). > >This machine is being used mostly as a general purpose workstation. I >know at least one person is using MATLAB and doing some X-Forwarding. > >All the other machines (1 Ultra 80 and 10 Ultra 10s) are working fine. We >did have one Ultra 2 (web server) that exhibited some of these problems, >but I immediately switched it back to SSH 1.2.27, because we can't afford >any downtime on that machine. > >Do you have any idea what would cause this bizarre behavior? > >Thanks! >_______________________________________________________ > Charles Clancy -- mgrtcc at cs.rose-hulman.edu >Senior UNIX Administrator, Rose-Hulman Computer Science
>>>>> "MF" == Markus Friedl <markus.friedl at informatik.uni-erlangen.de> writes:MF> comments? MF> From: Charles Clancy <mgrtcc at cs.rose-hulman.edu> MF> Subject: Problems on Sparcs MF> To: <openssh at openssh.com> MF> Date: Wed, 6 Dec 2000 09:55:41 -0500 (EST) MF> I compiled OpenSSH 2.3.0p1 for Solaris 7 (32-bit) with OpenSSL 0.95a, with MF> GCC 2.95.2 (sunfreeware.com binaries). Similar setup here (locally compiled gcc-2.91.66, kth-1.0.2 for KRB4 support). MF> We are using OpenSSH because it supports PAM, which is required for our MF> network, as our workstations run AFS, and very few daemons support MF> authentication via AFS. We tried PAM on Solaris for the same reasons, then discovered that compiling sshd without PAM works even better - AFS token forwarding works in both cases, and without PAM, standard KRB4 authentication will be used. This works nicely as long as you have a /etc/srvtab on all machines. MF> On our most frequently used Ultra 80 (2x450MHz, 1G RAM), we have been MF> having problems ever since upgrading from SSH 1.2.27 (w/ PAM patch) to MF> OpenSSH. Remote SSH connections stop working after about 2 days (sshd is MF> run from inetd through tcp_wrappers). After 2 days, if you log in MF> locally, graphical logins will halt. A console text-based login works, MF> but about half the basic unix commands have problems. For example, a "w" MF> only returns the first line, and then halts. A "ps -ef" will get about MF> half way through before getting stuck. A CTRL-C won't get you out of them MF> either. All you can do is "sync; reboot" from a telnet connection MF> (tcp_wrappers is configured to allow telnet from one of our servers). similar symptoms seen infrequently over here, but only on Solaris7 (not on 2.6). MF> This machine is being used mostly as a general purpose workstation. I MF> know at least one person is using MATLAB and doing some X-Forwarding. MF> All the other machines (1 Ultra 80 and 10 Ultra 10s) are working fine. We MF> did have one Ultra 2 (web server) that exhibited some of these problems, MF> but I immediately switched it back to SSH 1.2.27, because we can't afford MF> any downtime on that machine. MF> Do you have any idea what would cause this bizarre behavior? TransARC libpamafs has been causing trouble in the past, and we are happy to have gotten rid of it. The AFS kernel support for Solaris7 may be somewhat flaky as well (k_hasafs() sometimes returning 0...) Sorry, no easy answer from over here. Our build environment/binaries is at /afs/cern.ch/project/connectivity/openssh-2.2.0/@sys/install/, feel free to have a look.(it is actually a patched-up 2.3.0) Regards Jan
Reasonably Related Threads
- [Bug 11378] New: Please add a '--line-buffered' option to rsync to make logging/output more friendly with pipes/syslog/CI systems/etc.
- allowing users to change system time
- OpenSSH on SunOS 4
- md raid1 - no speed improvement
- Does OpenSSH have tcp_wrappers *built-in* or just compatibility?