Re: [Solved] Re: sshd stops accepting connections

2005-01-11 Thread Freddie Cash
On January 11, 2005 04:21 pm, Wilkinson, Alex wrote:
> 3.9 ?

> I have an updated ports collection and 
> # grep -i portv /usr/ports/security/openssh/Makefile
> PORTVERSION=3.6.1
> DISTNAME=   openssh-${PORTVERSION}
> PATCHFILES= openbsd28_${PORTVERSION}.patch

Wrong directory, you want security/openssh-portable.

-- 
Freddie Cash, CCNT CCLPHelpdesk / Network Support Tech.
School District 73 (250) 377-HELP [377-4357]
[EMAIL PROTECTED]
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: [Solved] Re: sshd stops accepting connections

2005-01-11 Thread Wilkinson, Alex
0n Wed, Jan 12, 2005 at 06:59:10AM +1030, Simon L. Nielsen wrote: 

>On 2004.11.12 21:12:12 +0100, Simon L. Nielsen wrote:
>
>> Today I suddenly couldn't log in via ssh to a server I upgraded to
>> FreeBSD 5.3-RELEASE 4 days ago.  When I tried connect to port 22 using
>> telnet(1) the following just happend:
>> 
>> [EMAIL PROTECTED]:~] telnet 192.168.3.2 22
>> Trying 192.168.3.2...
>> Connected to jet.nitro.dk.
>> Escape character is '^]'.
>> Connection closed by foreign host.
>
>[...]
>
>For the archives and anybody who may be interested...
>
>There is some kind of bug in OpenSSH 3.8.1p1's sshd (the one shipped
>with 5.3), possibly related to PAM and Privilege Separation.  The fix
>for me was simply to install OpenSSH 3.9 from ports, and I haven't had
>the problem since.

3.9 ?

I have an updated ports collection and 

# grep -i portv /usr/ports/security/openssh/Makefile 
PORTVERSION=3.6.1
DISTNAME=   openssh-${PORTVERSION}
PATCHFILES= openbsd28_${PORTVERSION}.patch

 - aW
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


[Solved] Re: sshd stops accepting connections

2005-01-11 Thread Simon L. Nielsen
On 2004.11.12 21:12:12 +0100, Simon L. Nielsen wrote:

> Today I suddenly couldn't log in via ssh to a server I upgraded to
> FreeBSD 5.3-RELEASE 4 days ago.  When I tried connect to port 22 using
> telnet(1) the following just happend:
> 
> [EMAIL PROTECTED]:~] telnet 192.168.3.2 22
> Trying 192.168.3.2...
> Connected to jet.nitro.dk.
> Escape character is '^]'.
> Connection closed by foreign host.

[...]

For the archives and anybody who may be interested...

There is some kind of bug in OpenSSH 3.8.1p1's sshd (the one shipped
with 5.3), possibly related to PAM and Privilege Separation.  The fix
for me was simply to install OpenSSH 3.9 from ports, and I haven't had
the problem since.

-- 
Simon L. Nielsen


pgpHGjBqFhIvj.pgp
Description: PGP signature


Re: sshd stops accepting connections

2004-11-17 Thread Kris Kennaway
On Wed, Nov 17, 2004 at 07:19:21PM -0800, Doug White wrote:

> This is the kicker -- sshd couldn't fork because somethnig went berzerk.
> 
> > Nov 11 13:49:54 www kernel: Limiting closed port RST response from 212 to
> > 200 packets/sec
> 
> This looks a lot like a SYN flood on some daemon that fork()s each
> connection but doesn't have any limits.
> 
> The disk error could certainly be related, although I'm not sure
> why it would cause something to spike up and hit maxproc.

Often the processes running on the machine will block while waiting
for the disk to time out (i.e. if they're also attempting to use the
disk, typical for a webserver) ..if the machine is reasonably busy,
there could be a lot of pending connections that are suddenly
processed when the drive resets.

Kris


pgplZ4tFxkQcr.pgp
Description: PGP signature


Re: sshd stops accepting connections

2004-11-17 Thread Doug White
On Sat, 13 Nov 2004, Zoltan Frombach wrote:

> > Today I suddenly couldn't log in via ssh to a server I upgraded to
> > FreeBSD 5.3-RELEASE 4 days ago.  When I tried connect to port 22 using
> > telnet(1) the following just happend:
> >
> > [simon at zaphod:~] telnet 192.168.3.2 22
> > Trying 192.168.3.2...
> > Connected to jet.nitro.dk.
> > Escape character is '^]'.
> > Connection closed by foreign host.
> >
> > The servar had been running FreeBSD 5.2.1 for a while without
> > problems. ...
>
> I had the exact same problem yesterday!! I installad FreeBSD 5.3-RELEASE

[...]

> Nov 11 13:45:10 www kernel: ad0: WARNING - WRITE_DMA interrupt was seen but
> timeout fired LBA=2928095
> Nov 11 13:49:52 www kernel: maxproc limit exceeded by uid 0, please see
> tuning(7) and login.conf(5).

This is the kicker -- sshd couldn't fork because somethnig went berzerk.

> Nov 11 13:49:54 www kernel: Limiting closed port RST response from 212 to
> 200 packets/sec

This looks a lot like a SYN flood on some daemon that fork()s each
connection but doesn't have any limits.

The disk error could certainly be related, although I'm not sure
why it would cause something to spike up and hit maxproc.

-- 
Doug White|  FreeBSD: The Power to Serve
[EMAIL PROTECTED]  |  www.FreeBSD.org
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: sshd stops accepting connections

2004-11-17 Thread Doug White
On Fri, 12 Nov 2004, Simon L. Nielsen wrote:

> Today I suddenly couldn't log in via ssh to a server I upgraded to
> FreeBSD 5.3-RELEASE 4 days ago.  When I tried connect to port 22 using
> telnet(1) the following just happend:
>
> [EMAIL PROTECTED]:~] telnet 192.168.3.2 22
> Trying 192.168.3.2...
> Connected to jet.nitro.dk.
> Escape character is '^]'.
> Connection closed by foreign host.

You get this if:

. hosts.allow doesn't allow the client to connect.
. sshd can't fork the child to handle the connection.
. PAM is messed up and causes the PAM thread to abend.
. the sshd privsep user has gone missing

> The servar had been running FreeBSD 5.2.1 for a while without
> problems.  After logging in on the console and sending the sshd master
> process a -HUP I could log in again (and I get the normal banner when
> connecting to the port with telnet(1)).  I can't rally see in the log
> what happened, but there is a lot of "stale" sshd's hanging around,
> like:
>
> root46015  0,0  0,4  4928 2220  ??  IOns08pm   0:00,01 sshd: blah 
> [pam] (sshd)
> root58286  0,0  0,4  4920 2236  ??  Is   Tor12pm   0:00,04 sshd: pascal 
> [priv] (sshd)
> sshd58287  0,0  0,0 00  ??  ZTor12pm   0:00,03 
> root58288  0,0  0,4  4928 2236  ??  ITor12pm   0:00,01 sshd: pascal 
> [pam] (sshd)
> root58932  0,0  0,4  4920 2236  ??  Is   Tor01pm   0:00,05 sshd: 
> ole_gudiksen [priv] (sshd)
> sshd58934  0,0  0,0 00  ??  ZTor01pm   0:00,06 
> root58935  0,0  0,4  4928 2236  ??  ITor01pm   0:00,01 sshd: 
> ole_gudiksen [pam] (sshd)

What ps is this? I didn't think FreeBSD's ps ouptut .

> From all.log:
>
> Nov 11 12:04:38 nfishbone sshd[58286]: fatal: Timeout before authentication 
> for 82.211.207.191
> Nov 11 13:02:34 nfishbone sshd[58932]: fatal: Timeout before authentication 
> for 192.38.66.33

These are genrally normal and probaly not related to your problem...

> The only odd thing I could find in the logs with regard to ssh was a
> few lines like:
>
> Nov 11 22:35:49 nfishbone sshd[62378]: syslogin_perform_logout: logout() 
> returned an error

These are also OK and not related to your problem.

-- 
Doug White|  FreeBSD: The Power to Serve
[EMAIL PROTECTED]  |  www.FreeBSD.org
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: sshd stops accepting connections

2004-11-13 Thread Randy Bush
fwiw, i have been seeing this on a 5.x system for many months.
i never did diagnose it.  i just ran a second sshd on port 
so i could get into the remote box and restart the main sshd.
sorry to ruin anyone's breakfast or dinner.

randy

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re[2]: sshd stops accepting connections

2004-11-13 Thread Sopov Alexey
I think your Hard Drive dies. Replace it.
Your system halts when it tries to access your ad0.



>> Today I suddenly couldn't log in via ssh to a server I upgraded to
>> FreeBSD 5.3-RELEASE 4 days ago.  When I tried connect to port 22 using
>> telnet(1) the following just happend:
>>
>> [simon at zaphod:~] telnet 192.168.3.2 22
>> Trying 192.168.3.2...
>> Connected to jet.nitro.dk.
>> Escape character is '^]'.
>> Connection closed by foreign host.
>>
>> The servar had been running FreeBSD 5.2.1 for a while without
>> problems. ...

ZF> I had the exact same problem yesterday!! I installad FreeBSD 5.3-RELEASE
ZF> about a week ago. And on the night of Nov.11th, I've noticed that sshd2
ZF> stopped accepting connections. It dropped (closed) any connection 
ZF> immediately. Everything else seemed to work on the server just fine. I also
ZF> use standard Unix authentication, nothing fancy at all. And I installed SSH2
ZF> from ports. I had to call the colo center and asked them to reset my server.
ZF> After it rebooted, SSH2 started to work again. Examining the content of the
ZF> log files, I've noticed the following lines:

ZF> Nov 11 13:45:10 www kernel: ad0: WARNING - WRITE_DMA interrupt was seen but
ZF> timeout fired LBA=2928095
ZF> Nov 11 13:49:52 www kernel: maxproc limit exceeded by uid 0, please see
ZF> tuning(7) and login.conf(5).
ZF> Nov 11 13:49:54 www kernel: Limiting closed port RST response from 212 to
ZF> 200 packets/sec
ZF> Nov 11 13:49:55 www kernel: Limiting closed port RST response from 226 to
ZF> 200 packets/sec
ZF> Nov 11 13:49:58 www kernel: Limiting closed port RST response from 223 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:00 www kernel: Limiting closed port RST response from 225 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:01 www kernel: Limiting closed port RST response from 224 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:03 www kernel: Limiting closed port RST response from 226 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:04 www kernel: Limiting closed port RST response from 223 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:07 www kernel: Limiting closed port RST response from 226 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:08 www kernel: Limiting closed port RST response from 223 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:10 www kernel: Limiting closed port RST response from 225 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:11 www kernel: Limiting closed port RST response from 224 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:13 www kernel: Limiting closed port RST response from 226 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:14 www kernel: Limiting closed port RST response from 233 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:17 www kernel: Limiting closed port RST response from 216 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:18 www kernel: Limiting closed port RST response from 223 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:20 www kernel: Limiting closed port RST response from 215 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:21 www kernel: Limiting closed port RST response from 233 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:23 www kernel: Limiting closed port RST response from 225 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:25 www kernel: Limiting closed port RST response from 211 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:27 www kernel: Limiting closed port RST response from 225 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:29 www kernel: Limiting closed port RST response from 225 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:31 www kernel: Limiting closed port RST response from 211 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:33 www kernel: Limiting closed port RST response from 224 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:35 www kernel: Limiting closed port RST response from 205 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:37 www kernel: Limiting closed port RST response from 224 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:51 www last message repeated 4 times
ZF> Nov 11 13:50:54 www kernel: Limiting closed port RST response from 222 to
ZF> 200 packets/sec
ZF> Nov 11 13:50:58 www kernel: Limiting closed port RST response from 216 to
ZF> 200 packets/sec
ZF> Nov 11 13:51:00 www kernel: Limiting closed port RST response from 208 to
ZF> 200 packets/sec

ZF> Because of the maxproc message, I then compiled a new kernel with 1024
ZF> users. (I used the GENERIC kernel up to this point.) Since I was now
ZF> building a new kernel, I commented out some drivers that I don't use, like
ZF> some SCSI devices and some ISA network interfaces, etc. The new kernel seems
ZF> to work great.

ZF> However, today (on Friday) I had another weird encounter. This afternoon,
ZF> for several minutes, I was unable to connect to the server at all: all tcp
ZF> connection appeared to hang indefinitely! But ping worked and it was fast as
ZF> always. I kept trying to get in via SSH2, and finally I was able to log in
ZF> (it took like 2 minutes to get the login prompt, while ping time was
ZF> normal). After switching to su, I issued the top command to see what is
ZF> going on. I never get any output. The system was 

Re: sshd stops accepting connections

2004-11-13 Thread Philippe Pegon
Simon L. Nielsen wrote:
Hello
Today I suddenly couldn't log in via ssh to a server I upgraded to
FreeBSD 5.3-RELEASE 4 days ago.  When I tried connect to port 22 using
telnet(1) the following just happend:
[EMAIL PROTECTED]:~] telnet 192.168.3.2 22
Trying 192.168.3.2...
Connected to jet.nitro.dk.
Escape character is '^]'.
Connection closed by foreign host.
I'd seen the same problem in 5.3 release.
I've found this in the changelog of openssh and it seems to be very 
similar :
ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog
and
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=252676

"
...
20040711
 - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which
   allows the monitor to properly clean up the PAM thread (Debian
   bug #252676).
...
"
--
Philippe PEGON
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: sshd stops accepting connections

2004-11-13 Thread Zoltan Frombach
Today I suddenly couldn't log in via ssh to a server I upgraded to
FreeBSD 5.3-RELEASE 4 days ago.  When I tried connect to port 22 using
telnet(1) the following just happend:
[simon at zaphod:~] telnet 192.168.3.2 22
Trying 192.168.3.2...
Connected to jet.nitro.dk.
Escape character is '^]'.
Connection closed by foreign host.
The servar had been running FreeBSD 5.2.1 for a while without
problems. ...
I had the exact same problem yesterday!! I installad FreeBSD 5.3-RELEASE 
about a week ago. And on the night of Nov.11th, I've noticed that sshd2 
stopped accepting connections. It dropped (closed) any connection 
immediately. Everything else seemed to work on the server just fine. I also 
use standard Unix authentication, nothing fancy at all. And I installed SSH2 
from ports. I had to call the colo center and asked them to reset my server. 
After it rebooted, SSH2 started to work again. Examining the content of the 
log files, I've noticed the following lines:

Nov 11 13:45:10 www kernel: ad0: WARNING - WRITE_DMA interrupt was seen but 
timeout fired LBA=2928095
Nov 11 13:49:52 www kernel: maxproc limit exceeded by uid 0, please see 
tuning(7) and login.conf(5).
Nov 11 13:49:54 www kernel: Limiting closed port RST response from 212 to 
200 packets/sec
Nov 11 13:49:55 www kernel: Limiting closed port RST response from 226 to 
200 packets/sec
Nov 11 13:49:58 www kernel: Limiting closed port RST response from 223 to 
200 packets/sec
Nov 11 13:50:00 www kernel: Limiting closed port RST response from 225 to 
200 packets/sec
Nov 11 13:50:01 www kernel: Limiting closed port RST response from 224 to 
200 packets/sec
Nov 11 13:50:03 www kernel: Limiting closed port RST response from 226 to 
200 packets/sec
Nov 11 13:50:04 www kernel: Limiting closed port RST response from 223 to 
200 packets/sec
Nov 11 13:50:07 www kernel: Limiting closed port RST response from 226 to 
200 packets/sec
Nov 11 13:50:08 www kernel: Limiting closed port RST response from 223 to 
200 packets/sec
Nov 11 13:50:10 www kernel: Limiting closed port RST response from 225 to 
200 packets/sec
Nov 11 13:50:11 www kernel: Limiting closed port RST response from 224 to 
200 packets/sec
Nov 11 13:50:13 www kernel: Limiting closed port RST response from 226 to 
200 packets/sec
Nov 11 13:50:14 www kernel: Limiting closed port RST response from 233 to 
200 packets/sec
Nov 11 13:50:17 www kernel: Limiting closed port RST response from 216 to 
200 packets/sec
Nov 11 13:50:18 www kernel: Limiting closed port RST response from 223 to 
200 packets/sec
Nov 11 13:50:20 www kernel: Limiting closed port RST response from 215 to 
200 packets/sec
Nov 11 13:50:21 www kernel: Limiting closed port RST response from 233 to 
200 packets/sec
Nov 11 13:50:23 www kernel: Limiting closed port RST response from 225 to 
200 packets/sec
Nov 11 13:50:25 www kernel: Limiting closed port RST response from 211 to 
200 packets/sec
Nov 11 13:50:27 www kernel: Limiting closed port RST response from 225 to 
200 packets/sec
Nov 11 13:50:29 www kernel: Limiting closed port RST response from 225 to 
200 packets/sec
Nov 11 13:50:31 www kernel: Limiting closed port RST response from 211 to 
200 packets/sec
Nov 11 13:50:33 www kernel: Limiting closed port RST response from 224 to 
200 packets/sec
Nov 11 13:50:35 www kernel: Limiting closed port RST response from 205 to 
200 packets/sec
Nov 11 13:50:37 www kernel: Limiting closed port RST response from 224 to 
200 packets/sec
Nov 11 13:50:51 www last message repeated 4 times
Nov 11 13:50:54 www kernel: Limiting closed port RST response from 222 to 
200 packets/sec
Nov 11 13:50:58 www kernel: Limiting closed port RST response from 216 to 
200 packets/sec
Nov 11 13:51:00 www kernel: Limiting closed port RST response from 208 to 
200 packets/sec

Because of the maxproc message, I then compiled a new kernel with 1024 
users. (I used the GENERIC kernel up to this point.) Since I was now 
building a new kernel, I commented out some drivers that I don't use, like 
some SCSI devices and some ISA network interfaces, etc. The new kernel seems 
to work great.

However, today (on Friday) I had another weird encounter. This afternoon, 
for several minutes, I was unable to connect to the server at all: all tcp 
connection appeared to hang indefinitely! But ping worked and it was fast as 
always. I kept trying to get in via SSH2, and finally I was able to log in 
(it took like 2 minutes to get the login prompt, while ping time was 
normal). After switching to su, I issued the top command to see what is 
going on. I never get any output. The system was apparently so busy with 
something that top could not work. I had to force-close that connection. For 
several minutes I tried to log in again via SSH2, I just wanted to issue a 
reboot command at this time. When I was about to give up, suddenly, after 
like 5 minutes the login prompt appeared and I was able to log in. Since 
then EVERYTHING is working fine, I didn't even have to reboot, the server is 
still 

sshd stops accepting connections

2004-11-12 Thread Simon L. Nielsen
Hello

Today I suddenly couldn't log in via ssh to a server I upgraded to
FreeBSD 5.3-RELEASE 4 days ago.  When I tried connect to port 22 using
telnet(1) the following just happend:

[EMAIL PROTECTED]:~] telnet 192.168.3.2 22
Trying 192.168.3.2...
Connected to jet.nitro.dk.
Escape character is '^]'.
Connection closed by foreign host.

The servar had been running FreeBSD 5.2.1 for a while without
problems.  After logging in on the console and sending the sshd master
process a -HUP I could log in again (and I get the normal banner when
connecting to the port with telnet(1)).  I can't rally see in the log
what happened, but there is a lot of "stale" sshd's hanging around,
like:

root46015  0,0  0,4  4928 2220  ??  IOns08pm   0:00,01 sshd: blah [pam] 
(sshd)
root58286  0,0  0,4  4920 2236  ??  Is   Tor12pm   0:00,04 sshd: pascal 
[priv] (sshd)
sshd58287  0,0  0,0 00  ??  ZTor12pm   0:00,03 
root58288  0,0  0,4  4928 2236  ??  ITor12pm   0:00,01 sshd: pascal 
[pam] (sshd)
root58932  0,0  0,4  4920 2236  ??  Is   Tor01pm   0:00,05 sshd: 
ole_gudiksen [priv] (sshd)
sshd58934  0,0  0,0 00  ??  ZTor01pm   0:00,06 
root58935  0,0  0,4  4928 2236  ??  ITor01pm   0:00,01 sshd: 
ole_gudiksen [pam] (sshd)

pstree show the connection between some of the processes like this:

 | |-+= 58286 root sshd: pascal [priv] (sshd)
 | | |--- 58287 sshd 
 | | \--- 58288 root sshd: pascal [pam] (sshd)

From all.log:

Nov 11 12:04:38 nfishbone sshd[58286]: fatal: Timeout before authentication for 
82.211.207.191
Nov 11 13:02:34 nfishbone sshd[58932]: fatal: Timeout before authentication for 
192.38.66.33

The only odd thing I could find in the logs with regard to ssh was a
few lines like:

Nov 11 22:35:49 nfishbone sshd[62378]: syslogin_perform_logout: logout() 
returned an error

I don't use any kind of "exotic" authentication on the system, only
standard unix password file and ssh-keys.

Does anybody have an idea of what's going on here, and if it's a ssh
bug or something silly I have done?

-- 
Simon L. Nielsen
FreeBSD Documentation Team


pgp0sQLHMdt0y.pgp
Description: PGP signature