Michael Ross
2014-Oct-22 14:49 UTC
10.1 sshd connections/processes don't die on physical disconnect ( sort-of repost )
Hello, I dug a bit into the observation I posted here: http://lists.freebsd.org/pipermail/freebsd-stable/2014-September/079922.html Problem as follows: Host A running 10.1-RC1 r272736 Host B running 9.2-STABLE r261716 I connect to both hosts via ssh, and then I physically interrupt the connection -- pull the network cable or power down the router. ( simulate ISP forced disconnect ). Behaviour difference in sshd connections an processes, where the peer disconnected hard: 9.2-running Host B: connection and processes disappear after a while ( ~ 2 hours ? ) 10.1-running Host A: connection and processes linger around forever ( > 4 weeks ) Below a diff between the sshd_config files of the machines, Changing "PrivilegeSeparation" from "sandbox" back to "yes" does not help. Hints appreciated. Host A sockstat lists 41 sshd processes with connected sockets for the last 13 days, and I *know* that these are disconnected. Michael 1,2c1,2 < # $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $ < # $FreeBSD: stable/10/crypto/openssh/sshd_config 264692 2014-04-20 12:46:18Z des $ ---> # $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ > # $FreeBSD: release/9.1.0/crypto/openssh/sshd_config 224638 > 2011-08-03 19:14:22Z brooks $11c11 < # possible, but leave them commented. Uncommented options override the ---> # possible, but leave them commented. Uncommented options change a17c17,19 < Port 22 ---> #VersionAddendum FreeBSD-20110503 > > #Port 2219c21 < ListenAddress x.x.x.x ---> #ListenAddress 0.0.0.031d32 < #HostKey /etc/ssh/ssh_host_ed25519_key 37,39d37 < # Ciphers and keying < #RekeyLimit default none < 43c41 < #LogLevel INFO ---> LogLevel DEBUG48c46 < PermitRootLogin no ---> PermitRootLogin yes55,62c53 < < # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 < #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 < < #AuthorizedPrincipalsFile none < < #AuthorizedKeysCommand none < #AuthorizedKeysCommandUser nobody ---> #AuthorizedKeysFile .ssh/authorized_keys92c83 < # and session processing. If this is enabled, PAM authentication will ---> # and session processing. If this is enabled, PAM authentication will108d98 < #PermitTTY yes 113c103 < #UsePrivilegeSeparation sandbox ---> #UsePrivilegeSeparation yes120c110 < #MaxStartups 10:30:100 ---> #MaxStartups 10123d112 < #VersionAddendum FreeBSD-20140420 147d135 < # PermitTTY no