We have been having a problem with sshd on our shell server.

This has been happening since March 4, 2003 or before IIRC. Initially I thought the next OS upgrade, to 4.8, would fix this. I am accustomed to having little things go away in a month or two.

I think we jumped to 4.7-STABLE on Feb 28, 2003. Some exploit fix wasn't being MFSd to RELENG_4_7 fast enough for my nerves (cvsd?). It was last upgraded to FreeBSD 4.8-RELEASE #8: Mon Mar 31 22:13:07 EST 2003, RELENG_4_8.

sshd regularly stops accepting new connections. There is never anything in the logs. This time the last connection before sshd stopped taking new connections was the user, let's call him "bob", who always manages to leave a lot of processes with the title of "sshd: bob [priv] (sshd)". Bob currently has 35 of those processes up.

Jun 13 19:17:55 shell sshd[39482]: Accepted password for bob from 10.321.321.321 port 3616
Jun 13 20:28:01 shell sshd[72401]: Received SIGHUP; restarting.
Jun 13 20:28:02 shell sshd[41220]: Server listening on 0.0.0.0 port 22.
Jun 13 21:06:49 shell sshd[42072]: Accepted publickey for scott from 68.160.236.249

Obviously, I faked the IP for "bob".

I consoled in this time and hooked up truss to the server PID. I was running:

while true ; do /usr/bin/ssh shell.example.com; done;

Thinking that if it were a file handle problem, I might accidentally get in if I caught it as an active user logged out. It was closing the connection as soon as it was made (TCP handshake). I have, umm, lost the error messages I was seeing on my side. Hopefully the truss output will be sufficient. My ssh client never got far enough to negotiate a key with the server.

Truss output is at :

http://www.lambertfam.org/~lambert/sshd_problem/truss_sshd

netstat -an | grep '\.22 ' output is at :

http://www.lambertfam.org/~lambert/sshd_problem/netstat-an_sshd

Faked the first two octets of the other users' IPs.

Once I -HUP the sshd process and it forks a new daemon, everything is ok for another week or two.

-- Scott Lambert KC5MLE Unix SysAdmin lambert@lambertfam.org
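
An added example, not part of the original thread: a small sh script that counts the "sshd: USER [priv]" processes described above per user and compares them with that user's live session processes ("sshd: USER@tty"), as a heuristic for monitors left behind. The sample ps listing, the function names and the `ps -ax -o pid,command` invocation are assumptions made for illustration.

```shell
#!/bin/sh
# Heuristic check for leftover sshd privilege-separation monitors.
# Input: "PID COMMAND" lines, e.g. from `ps -ax -o pid,command`
# (assumed invocation; adjust to the local ps).

# Constructed sample, modelled on the process title quoted in the post.
SAMPLE_PS='  PID COMMAND
41220 /usr/sbin/sshd
39482 sshd: bob [priv] (sshd)
39490 sshd: bob [priv] (sshd)
39511 sshd: bob [priv] (sshd)
42072 sshd: scott [priv] (sshd)
42075 sshd: scott@ttyp3 (sshd)
42101 -tcsh (tcsh)'

# Print "USER PRIV_COUNT SESSION_COUNT" for every user that owns at
# least one "sshd: USER [priv]" process. A session child is titled
# "sshd: USER@tty" (or USER@notty for sessions without a terminal).
count_priv_sshd() {
    awk '
        $2 == "sshd:" && $4 == "[priv]" { priv[$3]++ }
        $2 == "sshd:" && $3 ~ /@/       { split($3, a, "@"); sess[a[1]]++ }
        END { for (u in priv) print u, priv[u], sess[u] + 0 }
    ' | sort
}

# Print users with at least $1 more monitors than live sessions.
flag_users() {
    count_priv_sshd | awk -v t="$1" '($2 - $3) >= t { print $1 }'
}

printf '%s\n' "$SAMPLE_PS" | count_priv_sshd
printf '%s\n' "$SAMPLE_PS" | flag_users 2
```

Run periodically against real ps output, a growing gap between the two counts for one account gives warning before the daemon stops accepting connections.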

On Sat, Jun 14, 2003 at 01:36:08AM -0400, Scott Lambert wrote:
> Truss output is at :
>
> http://www.lambertfam.org/~lambert/sshd_problem/truss_sshd
>
> netstat -an | grep '\.22 ' output is at :
>
> http://www.lambertfam.org/~lambert/sshd_problem/netstat-an_sshd

And now that I've actually run the rsync script, these links now work. Sorry.

-- Scott Lambert KC5MLE Unix SysAdmin lambert@lambertfam.org

On Sat, Jun 14, 2003 at 01:36:08AM -0400, Scott Lambert wrote:
> Once I -HUP the sshd process and it forks a new daemon, everything is ok
> for another week or two.

FWIW, I've seen exactly this type of problem on some Redhat boxes, FreeBSD boxes, an AIX box and some other people I was talking to have seen it on OpenBSD and HP/UX.

I'll try and take a look at your traces later.

David.

Scott Lambert <lambert@lambertfam.org> writes:
> sshd regularly stops accepting new connections. There is never anything
> in the logs. This time the last connection before sshd stopped taking
> new connections was the user, let's call him "bob", who always manages to
> leave a lot of processes with the title of "sshd: bob [priv] (sshd)".
> Bob currently has 35 of those processes up.

This is an old bug which was fixed on April 7th (four days after 4.8 was released). Unfortunately, it doesn't seem to have been merged to the 4.8 security branch (which is my fault really).

DES
-- Dag-Erling Smorgrav - des@ofug.org

Do you notice whether or not it takes a certain number of connections for the bug to show up? I'm not seeing this problem with just a few people connecting via sftp (about 2-4 times per week).

--Richard

On 2003.06.13 22:36 Scott Lambert wrote:
> We have been having a problem with sshd on our shell server.
>
> This has been happening since March 4, 2003 or before IIRC. Initially I
> thought the next OS upgrade, to 4.8, would fix this. I am accustomed to
> having little things go away in a month or two.
>
> I think we jumped to 4.7-STABLE on Feb 28, 2003. Some exploit fix
> wasn't being MFSd to RELENG_4_7 fast enough for my nerves (cvsd?). It
> was last upgraded to FreeBSD 4.8-RELEASE #8: Mon Mar 31 22:13:07 EST
> 2003, RELENG_4_8.
>
> sshd regularly stops accepting new connections. There is never anything
> in the logs. This time the last connection before sshd stopped taking
> new connections was the user, let's call him "bob", who always manages to
> leave a lot of processes with the title of "sshd: bob [priv] (sshd)".
> Bob currently has 35 of those processes up.
>
> Jun 13 19:17:55 shell sshd[39482]: Accepted password for bob from 10.321.321.321 port 3616
> Jun 13 20:28:01 shell sshd[72401]: Received SIGHUP; restarting.
> Jun 13 20:28:02 shell sshd[41220]: Server listening on 0.0.0.0 port 22.
> Jun 13 21:06:49 shell sshd[42072]: Accepted publickey for scott from 68.160.236.249
>
> Obviously, I faked the IP for "bob".
>
> I consoled in this time and hooked up truss to the server PID. I was
> running:
>
> while true ; do /usr/bin/ssh shell.example.com; done;
>
> Thinking that if it were a file handle problem, I might accidentally
> get in if I caught it as an active user logged out. It was closing the
> connection as soon as it was made (TCP handshake). I have, umm, lost
> the error messages I was seeing on my side. Hopefully the truss output
> will be sufficient. My ssh client never got far enough to negotiate a
> key with the server.
>
> Truss output is at :
>
> http://www.lambertfam.org/~lambert/sshd_problem/truss_sshd
>
> netstat -an | grep '\.22 ' output is at :
>
> http://www.lambertfam.org/~lambert/sshd_problem/netstat-an_sshd
>
> Faked the first two octets of the other users' IPs.
>
> Once I -HUP the sshd process and it forks a new daemon, everything is ok
> for another week or two.
>
> --
> Scott Lambert KC5MLE Unix SysAdmin
> lambert@lambertfam.org

Try reinstalling sshd: install fresh from ports, install the latest opensshd.

On Sat, 14 Jun 2003, Scott Lambert wrote:
> We have been having a problem with sshd on our shell server.
>
> This has been happening since March 4, 2003 or before IIRC. Initially I
> thought the next OS upgrade, to 4.8, would fix this. I am accustomed to
> having little things go away in a month or two.
>
> I think we jumped to 4.7-STABLE on Feb 28, 2003. Some exploit fix
> wasn't being MFSd to RELENG_4_7 fast enough for my nerves (cvsd?). It
> was last upgraded to FreeBSD 4.8-RELEASE #8: Mon Mar 31 22:13:07 EST
> 2003, RELENG_4_8.
>
> sshd regularly stops accepting new connections. There is never anything
> in the logs. This time the last connection before sshd stopped taking
> new connections was the user, let's call him "bob", who always manages to
> leave a lot of processes with the title of "sshd: bob [priv] (sshd)".
> Bob currently has 35 of those processes up.
>
> Jun 13 19:17:55 shell sshd[39482]: Accepted password for bob from 10.321.321.321 port 3616
> Jun 13 20:28:01 shell sshd[72401]: Received SIGHUP; restarting.
> Jun 13 20:28:02 shell sshd[41220]: Server listening on 0.0.0.0 port 22.
> Jun 13 21:06:49 shell sshd[42072]: Accepted publickey for scott from 68.160.236.249
>
> Obviously, I faked the IP for "bob".
>
> I consoled in this time and hooked up truss to the server PID. I was
> running:
>
> while true ; do /usr/bin/ssh shell.example.com; done;
>
> Thinking that if it were a file handle problem, I might accidentally
> get in if I caught it as an active user logged out. It was closing the
> connection as soon as it was made (TCP handshake). I have, umm, lost
> the error messages I was seeing on my side. Hopefully the truss output
> will be sufficient. My ssh client never got far enough to negotiate a
> key with the server.
>
> Truss output is at :
>
> http://www.lambertfam.org/~lambert/sshd_problem/truss_sshd
>
> netstat -an | grep '\.22 ' output is at :
>
> http://www.lambertfam.org/~lambert/sshd_problem/netstat-an_sshd
>
> Faked the first two octets of the other users' IPs.
>
> Once I -HUP the sshd process and it forks a new daemon, everything is ok
> for another week or two.
>
> --
> Scott Lambert KC5MLE Unix SysAdmin
> lambert@lambertfam.org

Hi,

I am looking for a mail client, like Outlook Express from Windows. I need to download my mail from a commercial mail server. Can I use pine for this? Or maybe someone knows what progs I have to use?

Thanks all.

Marek Bajus