Howdy,

I recently had a problem with one of our servers (crashed due to power
failure :-). While this shouldn't have been a problem for most
of the workstations and servers on the network I noticed that I
wasn't able to use ssh anymore. Ssh would simply hang during the connection.
rsh and telnet however were able to connect without problem so there
was no problem with the destination or the environment of the user.
I noticed that for some strange reason ssh tries to run arp, netstat and df
during the connection (I can understand the use of arp and netstat but why on
earth df). Unfortunately df blocks when it tries to measure the size
of a filesystem which is mounted (e.g. by automount) but unavailable (since
the server crashed). I guess this is the reason why the ssh connection
failed. Of course having my whole network unreachable by ssh just because
one server goes down is totally unacceptable (I might as well start using
Windows). How can I turn this behaviour off or can anybody give me a
really really good reason why ssh would need df?

Thanks in advance,

Nico

--------------------------------------------------------
"It has been said that there are only two businesses refer to customers
as users: illegal drug trade and the computer industry."
--------------------------------------------------------
Nico De Ranter
Sony Service Center (SDCE/NEE-B)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41
Telefax: +32 2 726 26 86
e-mail: nico.deranter at sonycom.com

On Fri, Nov 17, 2000 at 02:15:19PM +0100, Nico De Ranter wrote:
...
> one server goes down is totally unacceptable (I might as well start using
> Windows). How can I turn this behaviour off or can anybody give me a
> really really good reason why ssh would need df?

In order to collect entropy for seeding the PRNG (like the other commands).
Have a look into $SSHETC/ssh_prng_commands and comment out the line(s)
utilizing "df". Or recompile and change to another entropy source like EGD.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153

Quoting Nico De Ranter <nico at sonycom.com>:
> Howdy,
>
> I recently had a problem with one of our servers (crashed due to power
> failure :-). While this shouldn't have been a problem for most
> of the workstations and servers on the network I noticed that I
> wasn't able to use ssh anymore. Ssh would simply hang during the connection.
> rsh and telnet however were able to connect without problem so there
> was no problem with the destination or the environment of the user.
> I noticed that for some strange reason ssh tries to run arp, netstat and df
> during the connection (I can understand the use of arp and netstat but why on
> earth df). Unfortunately df blocks when it tries to measure the size
> of a filesystem which is mounted (e.g. by automount) but unavailable (since
> the server crashed). I guess this is the reason why the ssh connection
> failed. Of course having my whole network unreachable by ssh just because
> one server goes down is totally unacceptable (I might as well start using
> Windows). How can I turn this behaviour off or can anybody give me a
> really really good reason why ssh would need df?

ssh and sshd need to get some randomness into their system somehow. For
machines with a /dev/random, this is easy. However, the way ssh gets
round it with less pleasant systems is that it runs a set of commands
whose output varies, hopefully from one execution to the next.

You can find the file containing these commands in
/etc/ssh_prng_commands. Simply remove the offending lines.

Cheerio,
Andrew Stribblehill
Systems programmer, IT Service, University of Durham, England
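
An added example, not part of the thread and not OpenSSH code: a Python check that runs each entry of an ssh_prng_commands-style file under a timeout and comments out the entries that hang, which is what df does on a dead mount. The three-field line layout, the sample entries and the names `audit` and `SAMPLE` are assumptions made for this illustration; `sleep 30` stands in for the blocking df.

```python
import shlex
import subprocess

# Constructed sample. Assumed line layout: "command args" /path/to/binary rate
# "sleep 30" stands in for a df that blocks on an unreachable mount.
SAMPLE = '''# entropy-gathering commands (constructed)
"echo ok" /bin/echo 0.01
"sleep 30" /bin/sleep 0.01
'''


def audit(text, timeout=2.0):
    """Run every entry under a timeout; comment out the ones that hang.

    Returns (new_text, disabled_commands).
    """
    out, disabled = [], []
    for line in text.splitlines():
        entry = line.strip()
        if not entry or entry.startswith("#"):
            out.append(line)
            continue
        fields = shlex.split(entry)
        if len(fields) != 3:
            out.append(line)  # not in the assumed layout: leave untouched
            continue
        cmdline, path, _rate = fields
        argv = [path] + shlex.split(cmdline)[1:]
        try:
            proc = subprocess.Popen(argv, stdin=subprocess.DEVNULL,
                                    stdout=subprocess.DEVNULL,
                                    stderr=subprocess.DEVNULL)
        except OSError:
            out.append(line)  # binary missing: nothing to time
            continue
        try:
            proc.wait(timeout=timeout)
            out.append(line)
        except subprocess.TimeoutExpired:
            # Kill but do not wait again: a process stuck in uninterruptible
            # I/O on a dead mount may never be reaped.
            proc.kill()
            disabled.append(cmdline)
            out.append("# disabled, exceeded %.1fs: %s" % (timeout, line))
    return "\n".join(out) + "\n", disabled


if __name__ == "__main__":
    new_text, hung = audit(SAMPLE)
    print(new_text, end="")
    print("hung:", hung)
```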