openssh bugs - Jun 2007 - [Bug 1321] New: sshd connection refused

http://bugzilla.mindrot.org/show_bug.cgi?id=1321

           Summary: sshd connection refused
           Product: Portable OpenSSH
           Version: 4.6p1
          Platform: UltraSparc
        OS/Version: Solaris
            Status: NEW
          Severity: major
          Priority: P2
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: annette.brady at lmco.com


When logging into ssh, I get the following at the client end - 
ssh_exhaange_identification: connection closed by remote host.

I get the following at the server end - 
sshd(25956} [ID800047 auth.error] reexec socket pair: connecton refused

This happens every day when users first try to log on.  I am able to
finaly get folks logged on by doing the following (1)stopping the ssh
daemon, (2)creating new keys, (3)stopping and (4) starting inetd and
(5)bringing down the daemon for some time.  Finally it begins to work
for some random reason and I am cluseless as to how to fix it or even
provide a timely repair.  

Can you provide some guidance on how I might proceed to get this fixed.
 I have also done ssd -v -v -v to get more detail which I can also
share.....



I have tried modifiying a lot of stuff in to sshd_config - 
(i.e. keyregeneration, keep alive, inetd.conf ssh entry, interd.conf
rexecd, recycle of network interface) ...etc.  I am just totaly
perplexed as to how to fix this.

Thanks for your help.


-- 
Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

http://bugzilla.mindrot.org/show_bug.cgi?id=1321


Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|ssh                         |sshd
                 CC|                            |dtucker at zip.com.au




--- Comment #1 from Darren Tucker <dtucker at zip.com.au>  2007-06-12
10:24:22 ---
That's pretty weird, for a few reasons:

1) the socketpair error should be non-fatal (ie sshd should fall back
to the non re-exec code in that case).

2) there's no documented reason that socketpair will set errno to
ECONNREFUSED (which corresponds to the error you describe).

3) Once you have a valid hostkey, regenerating it should have no impact
on whether or not sshd will start up.

4) Unless you have specifically configured sshd to run under inetd
(which is uncommon) then restarting inetd should have no impact on
sshd.

The only thing that I can think of (and it's a long shot) is that
you're reaching a limit of file descriptors, possibly a system-wide
limit.  You can try running "ulimit -h -n unlimited; ulimit -n
unlimited" (exact syntax will vary depending on your shell) before
restarting sshd.

You can also disable the re-exec in sshd ("/path/to/sshd -r") but if
you really are hitting a descriptor limit then that will probably not
solve the problem but rather change the symptoms.

BTW, which version of Solaris is this?  Do you have any
descriptor-related settings in /etc/system?


-- 
Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1321


Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WORKSFORME




--- Comment #2 from Darren Tucker <dtucker at zip.com.au>  2007-12-31
22:05:48 ---
If you can't (or won't) provide answers to any of the questions or try
any of the suggestions then I am afraid there is not a lot we can do to
help you.  Please reopen this bug if you have any further information.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1321


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added                       
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED                      




--- Comment #3 from Damien Miller <djm at mindrot.org>  2008-04-04
09:59:49 ---
Close resolved bugs after release.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.