djekels at citistreetonline.com wrote:> OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004 > > On HP-UX 11.11 ? sshd runs fine for days, then for some strange reason > we get > > ssh_exchange_identification: Connection closed by remote hostWhat do the server logs say? Does the server have PAM enabled? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
What type of logs are we looking at, syslog? Yes PAM is enabled. -----Original Message----- From: dtucker at zip.com.au [mailto:dtucker at zip.com.au] Sent: Thursday, July 08, 2004 6:26 AM To: Donny Jekels Cc: openssh-unix-dev at mindrot.org Subject: Re: urgent bug to report djekels at citistreetonline.com wrote:> OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004 > > On HP-UX 11.11 - sshd runs fine for days, then for some strange reason > we get > > ssh_exchange_identification: Connection closed by remote hostWhat do the server logs say? Does the server have PAM enabled? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
djekels at citistreetonline.com wrote:> What type of logs are we looking at, syslog?Yes, any syslog messages from sshd (probably in authlog, but that will depend on the settings of SyslogFacility and your syslog.conf).> Yes PAM is enabled.Check if there are extra "sshd [pam]" processes running, you might be running out of resources. (This is because sshd 3.8p1 and 3.8.1p1 fail to clean up the PAM child process under some conditions). If so, please try the attached patch. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: openssh-pam-cleanup.patch Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040708/6a02af0b/attachment.ksh
Ok, thanks, I will check into the server logs when I get to the office. I will also try the patch. Donny -----Original Message----- From: dtucker at zip.com.au [mailto:dtucker at zip.com.au] Sent: Thursday, July 08, 2004 8:41 AM To: Donny Jekels Cc: openssh-unix-dev at mindrot.org Subject: Re: urgent bug to report djekels at citistreetonline.com wrote:> What type of logs are we looking at, syslog?Yes, any syslog messages from sshd (probably in authlog, but that will depend on the settings of SyslogFacility and your syslog.conf).> Yes PAM is enabled.Check if there are extra "sshd [pam]" processes running, you might be running out of resources. (This is because sshd 3.8p1 and 3.8.1p1 fail to clean up the PAM child process under some conditions). If so, please try the attached patch. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.