Hi,

we encounter a problem using PAM with privsep to manage OPIE authentication: in some -- not really reproducible -- cases, the child responsible for PAM authentication stalls and continues to run even if its parent has been closed.

The server is the standard RHEL 4 install, which is a 3.9p1 with backported security patches.

As these children account for the 'MaxStartups' limit, new users then get "remote host closed the connection" messages when trying to connect.

As an example, we have two such processes (30622 and 13328) still running at the moment -- and absolutely no logs about them:

unix$ ps | grep sshd
30622     1 root     sshd: user1 [pam]
13328     1 root     sshd: user2 [pam]
 7687     1 root     /usr/sbin/sshd -f /etc/ssh/sshd_config.OPIE
unix$

Tracing reveals they are blocked on a read() to file descriptor 7, which is a unix domain socket according to lsof, and this is what gdb has to say (no debug version, sorry):

#0  0x0000002a968b1a92 in __read_nocancel () from /lib64/tls/libc.so.6
#1  0x000000552aadea26 in packet_get_int () from /usr/sbin/sshd
#2  0x000000552aae3f75 in kex_input_kexinit () from /usr/sbin/sshd
#3  0x000000552aacdb60 in kexgex_server () from /usr/sbin/sshd
#4  0x0000002a96eb1c27 in converse () from /lib/security/pam_opie.so
#5  0x0000002a96eb1d7a in pam_sm_authenticate () from /lib/security/pam_opie.so
#6  0x0000002a957787aa in _pam_dispatch () from /lib64/libpam.so.0
#7  0x0000002a9577a182 in pam_authenticate () from /lib64/libpam.so.0
#8  0x000000552aace845 in kexgex_server () from /usr/sbin/sshd
#9  0x000000552aace10b in kexgex_server () from /usr/sbin/sshd
#10 0x000000552aac6404 in session_close_by_channel () from /usr/sbin/sshd
#11 0x000000552aac58d2 in session_close_by_channel () from /usr/sbin/sshd
#12 0x000000552aac85a5 in session_close_by_channel () from /usr/sbin/sshd
#13 0x000000552aab5b39 in main () from /usr/sbin/sshd

Any ideas on how this happens?

Simon

-- 
Simon Vallet
Systems/Network Engineer
CEA DSV IG / Genoscope
Tel.: 01 60 87 36 06
E-mail: svallet at genoscope.cns.fr
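
Added example, not part of the original message: a small shell check that flags the condition shown in the listing above, namely privsep PAM children titled `sshd: <user> [pam]` whose parent has become PID 1. It assumes input in the `PID PPID USER COMMAND` column order of that listing (for instance from `ps -eo pid,ppid,user,args`); the function names and the third sample process are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect sshd PAM children that outlived their parent.
# Assumed input columns: PID PPID USER COMMAND... (as in the listing above).

# Print "PID USER" for each process titled "sshd: <user> [pam]" whose
# parent is init (PPID 1), i.e. whose parent sshd has already exited.
find_orphan_pam_children() {
    awk '$2 == 1 && $4 == "sshd:" && $NF == "[pam]" { print $1, $5 }'
}

# Count the orphans; per the report, each one still occupies a
# MaxStartups slot until it is killed.
count_orphans() {
    find_orphan_pam_children | wc -l | tr -d ' '
}

# Sample input: the first three process lines mirror the listing in the
# message; the last one (PID 4242, parent still alive) is constructed to
# show a healthy in-progress authentication that must not be flagged.
sample_ps() {
    cat <<'EOF'
  PID  PPID USER     COMMAND
30622     1 root     sshd: user1 [pam]
13328     1 root     sshd: user2 [pam]
 7687     1 root     /usr/sbin/sshd -f /etc/ssh/sshd_config.OPIE
 4242  4240 root     sshd: user3 [pam]
EOF
}

# Demonstration on the sample. On a live host, replace sample_ps with:
#   ps -eo pid,ppid,user,args
sample_ps | find_orphan_pam_children
echo "orphaned PAM children: $(sample_ps | count_orphans)"
```

The master daemon (PID 7687) also has PPID 1, so the match is on the process title as well as the parent, not on the parent alone.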