Hello.
Today I found an interesting problem related to OpenSSH. If you open enough
connections to /dev/log that your current logger can't handle, you can't
log in remotely using SSH, which is blocked waiting for access to /dev/log.
To reproduce this problem I used CentOS 6 and 7 with the following script:
#!/bin/bash
# Brace expansion needs {1..500}; the original "(1..500)" is a syntax error in bash.
for i in {1..500}; do
    # Each background job holds one connection to /dev/log open and floods it.
    (yes | logger) &
done
For CentOS 6, 50 is enough to cause rsyslog to stop accepting connections. It's
a known limitation described here:
http://www.rsyslog.com/doc/v8-stable/configuration/modules/imuxsock.html
For CentOS 7, the limit is around 450; I believe it is for the same reason (but
with systemd this time), but I did not check.
I am not sure if this is a problem or a feature. I guess under some
circumstances it would be appropriate to deny access if you can't record it. On
the other hand, it makes it too difficult to access cloud systems which are under
stress.
I would like to hear your thoughts about how we should handle this issue. Some
form of asynchronous logging comes to mind, or maybe a timeout and a
configuration option to make it non-fatal.
Best Regards.
Pablo Castellazzi.
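The "timeout" idea above can be checked from the outside before it ever affects sshd. The probe below is an added example written for this post, not code from the original message or from OpenSSH, rsyslog or systemd. It hands one datagram to the syslog socket with a bounded wait and classifies the outcome: accepted in time, blocked (the logger exists but is not draining its queue), stale socket file with no listener, or no socket at all. The path /dev/log is the usual Linux syslog socket; the helper probe_against_temp_logger() is a constructed self-test that creates a throwaway socket in a temporary directory so the script runs without touching the real logger.

```python
import errno
import os
import socket
import tempfile
import time

DEFAULT_SOCKET = "/dev/log"  # syslog(3) socket on Linux; assumption for this example


def check_syslog_socket(path=DEFAULT_SOCKET, timeout=1.0,
                        message=b"<14>syslog-probe: health check"):
    """Try to deliver one datagram to the logger at `path` without blocking forever.

    Returns (status, elapsed_seconds). status is one of:
      "ok"       - the logger accepted the datagram within `timeout`
      "blocked"  - a listener exists but did not drain its queue in time
                   (the condition that stalls sshd's logging in the post)
      "refused"  - the socket file exists but nothing is bound to it
      "missing"  - there is no socket file at `path`
      "error:N"  - any other socket error, N being the errno
    """
    if not os.path.exists(path):
        return ("missing", 0.0)
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    # A bounded wait is what turns a hung logger into a reportable condition
    # instead of an indefinite block inside syslog(3).
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.sendto(message, path)
        return ("ok", time.monotonic() - start)
    except socket.timeout:
        return ("blocked", time.monotonic() - start)
    except OSError as exc:
        if exc.errno == errno.ECONNREFUSED:
            return ("refused", time.monotonic() - start)
        return ("error:%s" % exc.errno, time.monotonic() - start)
    finally:
        sock.close()


def probe_against_temp_logger():
    """Constructed self-test: exercise the probe against a private, temporary socket.

    Returns a dict with the status seen for a bound listener, for a stale socket
    file left behind after the listener closed, and for a path that never existed.
    """
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "log")
        listener = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        listener.bind(path)
        try:
            # Queue is empty, so one datagram is accepted immediately.
            results["bound"] = check_syslog_socket(path, timeout=0.5)[0]
            # Drain it so nothing is left in the kernel queue.
            listener.recv(4096)
        finally:
            listener.close()
        # The file stays on disk after close(): a stale socket, nobody listening.
        results["stale"] = check_syslog_socket(path, timeout=0.5)[0]
        results["missing"] = check_syslog_socket(os.path.join(tmp, "nope"))[0]
    return results


if __name__ == "__main__":
    # Self-test on a private socket, then a real probe of the system logger.
    print("self-test:", probe_against_temp_logger())
    status, elapsed = check_syslog_socket()
    print("%s: %s after %.3fs" % (DEFAULT_SOCKET, status, elapsed))
```

Run it from cron or a monitoring agent: a "blocked" result on /dev/log is the early warning that new SSH sessions are about to hang in syslog(), well before the host becomes unreachable.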