Re: [Solved] Re: sshd stops accepting connections
On January 11, 2005 04:21 pm, Wilkinson, Alex wrote:
> 3.9 ?
> I have an updated ports collection and
> # grep -i portv /usr/ports/security/openssh/Makefile
> PORTVERSION=3.6.1
> DISTNAME= openssh-${PORTVERSION}
> PATCHFILES= openbsd28_${PORTVERSION}.patch

Wrong directory, you want security/openssh-portable.

--
Freddie Cash, CCNT CCLP
Helpdesk / Network Support Tech.
School District 73
(250) 377-HELP [377-4357]
[EMAIL PROTECTED]
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [Solved] Re: sshd stops accepting connections
On Wed, Jan 12, 2005 at 06:59:10AM +1030, Simon L. Nielsen wrote:

>On 2004.11.12 21:12:12 +0100, Simon L. Nielsen wrote:
>
>> Today I suddenly couldn't log in via ssh to a server I upgraded to
>> FreeBSD 5.3-RELEASE 4 days ago. When I tried to connect to port 22 using
>> telnet(1) the following just happened:
>>
>> [EMAIL PROTECTED]:~] telnet 192.168.3.2 22
>> Trying 192.168.3.2...
>> Connected to jet.nitro.dk.
>> Escape character is '^]'.
>> Connection closed by foreign host.
>
>[...]
>
>For the archives and anybody who may be interested...
>
>There is some kind of bug in OpenSSH 3.8.1p1's sshd (the one shipped
>with 5.3), possibly related to PAM and Privilege Separation. The fix
>for me was simply to install OpenSSH 3.9 from ports, and I haven't had
>the problem since.

3.9 ?

I have an updated ports collection and

# grep -i portv /usr/ports/security/openssh/Makefile
PORTVERSION=3.6.1
DISTNAME= openssh-${PORTVERSION}
PATCHFILES= openbsd28_${PORTVERSION}.patch

 - aW
[Solved] Re: sshd stops accepting connections
On 2004.11.12 21:12:12 +0100, Simon L. Nielsen wrote:

> Today I suddenly couldn't log in via ssh to a server I upgraded to
> FreeBSD 5.3-RELEASE 4 days ago. When I tried to connect to port 22 using
> telnet(1) the following just happened:
>
> [EMAIL PROTECTED]:~] telnet 192.168.3.2 22
> Trying 192.168.3.2...
> Connected to jet.nitro.dk.
> Escape character is '^]'.
> Connection closed by foreign host.

[...]

For the archives and anybody who may be interested...

There is some kind of bug in OpenSSH 3.8.1p1's sshd (the one shipped
with 5.3), possibly related to PAM and Privilege Separation. The fix
for me was simply to install OpenSSH 3.9 from ports, and I haven't had
the problem since.

--
Simon L. Nielsen
Re: sshd stops accepting connections
On Wed, Nov 17, 2004 at 07:19:21PM -0800, Doug White wrote:

> This is the kicker -- sshd couldn't fork because something went berserk.
>
> > Nov 11 13:49:54 www kernel: Limiting closed port RST response from 212 to 200 packets/sec
>
> This looks a lot like a SYN flood on some daemon that fork()s each
> connection but doesn't have any limits.
>
> The disk error could certainly be related, although I'm not sure
> why it would cause something to spike up and hit maxproc.

Often the processes running on the machine will block while waiting
for the disk to time out (i.e. if they're also attempting to use the
disk, typical for a webserver) ..if the machine is reasonably busy,
there could be a lot of pending connections that are suddenly
processed when the drive resets.

Kris
Re: sshd stops accepting connections
On Sat, 13 Nov 2004, Zoltan Frombach wrote:

> > Today I suddenly couldn't log in via ssh to a server I upgraded to
> > FreeBSD 5.3-RELEASE 4 days ago. When I tried to connect to port 22 using
> > telnet(1) the following just happened:
> >
> > [simon at zaphod:~] telnet 192.168.3.2 22
> > Trying 192.168.3.2...
> > Connected to jet.nitro.dk.
> > Escape character is '^]'.
> > Connection closed by foreign host.
> >
> > The server had been running FreeBSD 5.2.1 for a while without
> > problems. ...
>
> I had the exact same problem yesterday!! I installed FreeBSD 5.3-RELEASE

[...]

> Nov 11 13:45:10 www kernel: ad0: WARNING - WRITE_DMA interrupt was seen but timeout fired LBA=2928095
> Nov 11 13:49:52 www kernel: maxproc limit exceeded by uid 0, please see tuning(7) and login.conf(5).

This is the kicker -- sshd couldn't fork because something went berserk.

> Nov 11 13:49:54 www kernel: Limiting closed port RST response from 212 to 200 packets/sec

This looks a lot like a SYN flood on some daemon that fork()s each
connection but doesn't have any limits.

The disk error could certainly be related, although I'm not sure
why it would cause something to spike up and hit maxproc.

--
Doug White                    |  FreeBSD: The Power to Serve
[EMAIL PROTECTED]             |  www.FreeBSD.org
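Added example (not part of any message in this thread, and not code from any poster): the reading above, a disk timeout, then the maxproc limit, then RST rate limiting, can be checked mechanically over a syslog file. The event names, the 10-minute window and the `year` parameter are assumptions of this example; the sample lines are copied from the messages in this thread.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
REPEAT = re.compile(r"^last message repeated (\d+) times$")
RULES = [  # (assumed event name, pattern searched in the message part)
    ("disk_timeout", re.compile(r"kernel: ad\d+: WARNING - .*timeout")),
    ("maxproc", re.compile(r"kernel: maxproc limit exceeded by uid \d+")),
    ("rst_limit", re.compile(r"kernel: Limiting closed port RST response")),
    ("preauth_timeout", re.compile(r"sshd\[\d+\]: fatal: Timeout before auth")),
]
# Sample input: lines copied from the messages in this thread (two hosts).
SAMPLE = """\
Nov 11 12:04:38 nfishbone sshd[58286]: fatal: Timeout before authentication for 82.211.207.191
Nov 11 13:45:10 www kernel: ad0: WARNING - WRITE_DMA interrupt was seen but timeout fired LBA=2928095
Nov 11 13:49:52 www kernel: maxproc limit exceeded by uid 0, please see tuning(7) and login.conf(5).
Nov 11 13:49:54 www kernel: Limiting closed port RST response from 212 to 200 packets/sec
Nov 11 13:50:37 www kernel: Limiting closed port RST response from 224 to 200 packets/sec
Nov 11 13:50:51 www last message repeated 4 times
""".splitlines()

def parse(lines, year=2004):
    """Return (host, time, event, count) tuples; syslog omits the year.
    'last message repeated N times' counts N more of that host's previous line."""
    events, last = [], {}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a syslog line
        stamp, host, msg = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        rep = REPEAT.match(msg)
        matched = next((n for n, pat in RULES if pat.search(msg)), None)
        name = last.get(host) if rep else matched
        if not rep:
            last[host] = name  # remember it for a later "repeated" line
        if name:
            events.append((host, ts, name, int(rep.group(1)) if rep else 1))
    return events

def triage(lines, window=timedelta(minutes=10)):
    """Per host: event counts, plus flags for what was logged within
    `window` of the first maxproc message (where fork() began to fail)."""
    by_host = defaultdict(list)
    for host, ts, name, n in parse(lines):
        by_host[host].append((ts, name, n))
    report = {}
    for host, evs in by_host.items():
        counts = Counter()
        for _, name, n in evs:
            counts[name] += n
        flags = []
        t0 = next((ts for ts, name, _ in evs if name == "maxproc"), None)
        if t0 is not None:
            near = [(ts, name) for ts, name, _ in evs if abs(ts - t0) <= window]
            if any(name == "disk_timeout" and ts <= t0 for ts, name in near):
                flags.append("disk_timeout_before_maxproc")
            if any(name == "rst_limit" for _, name in near):
                flags.append("rst_burst_near_maxproc")
        report[host] = {"counts": dict(counts), "flags": flags}
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```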
Re: sshd stops accepting connections
On Fri, 12 Nov 2004, Simon L. Nielsen wrote:

> Today I suddenly couldn't log in via ssh to a server I upgraded to
> FreeBSD 5.3-RELEASE 4 days ago. When I tried to connect to port 22 using
> telnet(1) the following just happened:
>
> [EMAIL PROTECTED]:~] telnet 192.168.3.2 22
> Trying 192.168.3.2...
> Connected to jet.nitro.dk.
> Escape character is '^]'.
> Connection closed by foreign host.

You get this if:

 . hosts.allow doesn't allow the client to connect.
 . sshd can't fork the child to handle the connection.
 . PAM is messed up and causes the PAM thread to abend.
 . the sshd privsep user has gone missing

> The server had been running FreeBSD 5.2.1 for a while without
> problems. After logging in on the console and sending the sshd master
> process a -HUP I could log in again (and I get the normal banner when
> connecting to the port with telnet(1)). I can't really see in the log
> what happened, but there is a lot of "stale" sshd's hanging around,
> like:
>
> root 46015 0,0 0,4 4928 2220 ?? I Ons08pm 0:00,01 sshd: blah [pam] (sshd)
> root 58286 0,0 0,4 4920 2236 ?? Is Tor12pm 0:00,04 sshd: pascal [priv] (sshd)
> sshd 58287 0,0 0,0 0 0 ?? Z Tor12pm 0:00,03
> root 58288 0,0 0,4 4928 2236 ?? I Tor12pm 0:00,01 sshd: pascal [pam] (sshd)
> root 58932 0,0 0,4 4920 2236 ?? Is Tor01pm 0:00,05 sshd: ole_gudiksen [priv] (sshd)
> sshd 58934 0,0 0,0 0 0 ?? Z Tor01pm 0:00,06
> root 58935 0,0 0,4 4928 2236 ?? I Tor01pm 0:00,01 sshd: ole_gudiksen [pam] (sshd)

What ps is this? I didn't think FreeBSD's ps output .

> From all.log:
>
> Nov 11 12:04:38 nfishbone sshd[58286]: fatal: Timeout before authentication for 82.211.207.191
> Nov 11 13:02:34 nfishbone sshd[58932]: fatal: Timeout before authentication for 192.38.66.33

These are generally normal and probably not related to your problem...

> The only odd thing I could find in the logs with regard to ssh was a
> few lines like:
>
> Nov 11 22:35:49 nfishbone sshd[62378]: syslogin_perform_logout: logout() returned an error

These are also OK and not related to your problem.

--
Doug White                    |  FreeBSD: The Power to Serve
[EMAIL PROTECTED]             |  www.FreeBSD.org
Re: sshd stops accepting connections
fwiw, i have been seeing this on a 5.x system for many months. i
never did diagnose it. i just ran a second sshd on port so i
could get into the remote box and restart the main sshd.

sorry to ruin anyone's breakfast or dinner.

randy
Re[2]: sshd stops accepting connections
I think your Hard Drive dies. Replace it. Your system halts when it tries to access your ad0.

>> Today I suddenly couldn't log in via ssh to a server I upgraded to
>> FreeBSD 5.3-RELEASE 4 days ago. When I tried to connect to port 22 using
>> telnet(1) the following just happened:
>>
>> [simon at zaphod:~] telnet 192.168.3.2 22
>> Trying 192.168.3.2...
>> Connected to jet.nitro.dk.
>> Escape character is '^]'.
>> Connection closed by foreign host.
>>
>> The server had been running FreeBSD 5.2.1 for a while without
>> problems. ...

ZF> I had the exact same problem yesterday!! I installed FreeBSD 5.3-RELEASE
ZF> about a week ago. And on the night of Nov.11th, I've noticed that sshd2
ZF> stopped accepting connections. It dropped (closed) any connection
ZF> immediately. Everything else seemed to work on the server just fine. I also
ZF> use standard Unix authentication, nothing fancy at all. And I installed SSH2
ZF> from ports. I had to call the colo center and asked them to reset my server.
ZF> After it rebooted, SSH2 started to work again. Examining the content of the
ZF> log files, I've noticed the following lines:

ZF> Nov 11 13:45:10 www kernel: ad0: WARNING - WRITE_DMA interrupt was seen but timeout fired LBA=2928095
ZF> Nov 11 13:49:52 www kernel: maxproc limit exceeded by uid 0, please see tuning(7) and login.conf(5).
ZF> Nov 11 13:49:54 www kernel: Limiting closed port RST response from 212 to 200 packets/sec
ZF> Nov 11 13:49:55 www kernel: Limiting closed port RST response from 226 to 200 packets/sec
ZF> Nov 11 13:49:58 www kernel: Limiting closed port RST response from 223 to 200 packets/sec
ZF> Nov 11 13:50:00 www kernel: Limiting closed port RST response from 225 to 200 packets/sec
ZF> Nov 11 13:50:01 www kernel: Limiting closed port RST response from 224 to 200 packets/sec
ZF> Nov 11 13:50:03 www kernel: Limiting closed port RST response from 226 to 200 packets/sec
ZF> Nov 11 13:50:04 www kernel: Limiting closed port RST response from 223 to 200 packets/sec
ZF> Nov 11 13:50:07 www kernel: Limiting closed port RST response from 226 to 200 packets/sec
ZF> Nov 11 13:50:08 www kernel: Limiting closed port RST response from 223 to 200 packets/sec
ZF> Nov 11 13:50:10 www kernel: Limiting closed port RST response from 225 to 200 packets/sec
ZF> Nov 11 13:50:11 www kernel: Limiting closed port RST response from 224 to 200 packets/sec
ZF> Nov 11 13:50:13 www kernel: Limiting closed port RST response from 226 to 200 packets/sec
ZF> Nov 11 13:50:14 www kernel: Limiting closed port RST response from 233 to 200 packets/sec
ZF> Nov 11 13:50:17 www kernel: Limiting closed port RST response from 216 to 200 packets/sec
ZF> Nov 11 13:50:18 www kernel: Limiting closed port RST response from 223 to 200 packets/sec
ZF> Nov 11 13:50:20 www kernel: Limiting closed port RST response from 215 to 200 packets/sec
ZF> Nov 11 13:50:21 www kernel: Limiting closed port RST response from 233 to 200 packets/sec
ZF> Nov 11 13:50:23 www kernel: Limiting closed port RST response from 225 to 200 packets/sec
ZF> Nov 11 13:50:25 www kernel: Limiting closed port RST response from 211 to 200 packets/sec
ZF> Nov 11 13:50:27 www kernel: Limiting closed port RST response from 225 to 200 packets/sec
ZF> Nov 11 13:50:29 www kernel: Limiting closed port RST response from 225 to 200 packets/sec
ZF> Nov 11 13:50:31 www kernel: Limiting closed port RST response from 211 to 200 packets/sec
ZF> Nov 11 13:50:33 www kernel: Limiting closed port RST response from 224 to 200 packets/sec
ZF> Nov 11 13:50:35 www kernel: Limiting closed port RST response from 205 to 200 packets/sec
ZF> Nov 11 13:50:37 www kernel: Limiting closed port RST response from 224 to 200 packets/sec
ZF> Nov 11 13:50:51 www last message repeated 4 times
ZF> Nov 11 13:50:54 www kernel: Limiting closed port RST response from 222 to 200 packets/sec
ZF> Nov 11 13:50:58 www kernel: Limiting closed port RST response from 216 to 200 packets/sec
ZF> Nov 11 13:51:00 www kernel: Limiting closed port RST response from 208 to 200 packets/sec

ZF> Because of the maxproc message, I then compiled a new kernel with 1024
ZF> users. (I used the GENERIC kernel up to this point.) Since I was now
ZF> building a new kernel, I commented out some drivers that I don't use, like
ZF> some SCSI devices and some ISA network interfaces, etc. The new kernel seems
ZF> to work great.

ZF> However, today (on Friday) I had another weird encounter. This afternoon,
ZF> for several minutes, I was unable to connect to the server at all: all tcp
ZF> connection appeared to hang indefinitely! But ping worked and it was fast as
ZF> always. I kept trying to get in via SSH2, and finally I was able to log in
ZF> (it took like 2 minutes to get the login prompt, while ping time was
ZF> normal). After switching to su, I issued the top command to see what is
ZF> going on. I never get any output. The system was
Re: sshd stops accepting connections
Simon L. Nielsen wrote:

> Hello
>
> Today I suddenly couldn't log in via ssh to a server I upgraded to
> FreeBSD 5.3-RELEASE 4 days ago. When I tried to connect to port 22 using
> telnet(1) the following just happened:
>
> [EMAIL PROTECTED]:~] telnet 192.168.3.2 22
> Trying 192.168.3.2...
> Connected to jet.nitro.dk.
> Escape character is '^]'.
> Connection closed by foreign host.

I'd seen the same problem in 5.3 release. I've found this in the
changelog of openssh and it seems to be very similar:

ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog

and

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=252676

"
...
20040711
 - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows
   the monitor to properly clean up the PAM thread (Debian bug #252676).
...
"

--
Philippe PEGON
Re: sshd stops accepting connections
> Today I suddenly couldn't log in via ssh to a server I upgraded to
> FreeBSD 5.3-RELEASE 4 days ago. When I tried to connect to port 22 using
> telnet(1) the following just happened:
>
> [simon at zaphod:~] telnet 192.168.3.2 22
> Trying 192.168.3.2...
> Connected to jet.nitro.dk.
> Escape character is '^]'.
> Connection closed by foreign host.
>
> The server had been running FreeBSD 5.2.1 for a while without
> problems. ...

I had the exact same problem yesterday!! I installed FreeBSD 5.3-RELEASE
about a week ago. And on the night of Nov.11th, I've noticed that sshd2
stopped accepting connections. It dropped (closed) any connection
immediately. Everything else seemed to work on the server just fine. I also
use standard Unix authentication, nothing fancy at all. And I installed SSH2
from ports. I had to call the colo center and asked them to reset my server.
After it rebooted, SSH2 started to work again. Examining the content of the
log files, I've noticed the following lines:

Nov 11 13:45:10 www kernel: ad0: WARNING - WRITE_DMA interrupt was seen but timeout fired LBA=2928095
Nov 11 13:49:52 www kernel: maxproc limit exceeded by uid 0, please see tuning(7) and login.conf(5).
Nov 11 13:49:54 www kernel: Limiting closed port RST response from 212 to 200 packets/sec
Nov 11 13:49:55 www kernel: Limiting closed port RST response from 226 to 200 packets/sec
Nov 11 13:49:58 www kernel: Limiting closed port RST response from 223 to 200 packets/sec
Nov 11 13:50:00 www kernel: Limiting closed port RST response from 225 to 200 packets/sec
Nov 11 13:50:01 www kernel: Limiting closed port RST response from 224 to 200 packets/sec
Nov 11 13:50:03 www kernel: Limiting closed port RST response from 226 to 200 packets/sec
Nov 11 13:50:04 www kernel: Limiting closed port RST response from 223 to 200 packets/sec
Nov 11 13:50:07 www kernel: Limiting closed port RST response from 226 to 200 packets/sec
Nov 11 13:50:08 www kernel: Limiting closed port RST response from 223 to 200 packets/sec
Nov 11 13:50:10 www kernel: Limiting closed port RST response from 225 to 200 packets/sec
Nov 11 13:50:11 www kernel: Limiting closed port RST response from 224 to 200 packets/sec
Nov 11 13:50:13 www kernel: Limiting closed port RST response from 226 to 200 packets/sec
Nov 11 13:50:14 www kernel: Limiting closed port RST response from 233 to 200 packets/sec
Nov 11 13:50:17 www kernel: Limiting closed port RST response from 216 to 200 packets/sec
Nov 11 13:50:18 www kernel: Limiting closed port RST response from 223 to 200 packets/sec
Nov 11 13:50:20 www kernel: Limiting closed port RST response from 215 to 200 packets/sec
Nov 11 13:50:21 www kernel: Limiting closed port RST response from 233 to 200 packets/sec
Nov 11 13:50:23 www kernel: Limiting closed port RST response from 225 to 200 packets/sec
Nov 11 13:50:25 www kernel: Limiting closed port RST response from 211 to 200 packets/sec
Nov 11 13:50:27 www kernel: Limiting closed port RST response from 225 to 200 packets/sec
Nov 11 13:50:29 www kernel: Limiting closed port RST response from 225 to 200 packets/sec
Nov 11 13:50:31 www kernel: Limiting closed port RST response from 211 to 200 packets/sec
Nov 11 13:50:33 www kernel: Limiting closed port RST response from 224 to 200 packets/sec
Nov 11 13:50:35 www kernel: Limiting closed port RST response from 205 to 200 packets/sec
Nov 11 13:50:37 www kernel: Limiting closed port RST response from 224 to 200 packets/sec
Nov 11 13:50:51 www last message repeated 4 times
Nov 11 13:50:54 www kernel: Limiting closed port RST response from 222 to 200 packets/sec
Nov 11 13:50:58 www kernel: Limiting closed port RST response from 216 to 200 packets/sec
Nov 11 13:51:00 www kernel: Limiting closed port RST response from 208 to 200 packets/sec

Because of the maxproc message, I then compiled a new kernel with 1024
users. (I used the GENERIC kernel up to this point.) Since I was now
building a new kernel, I commented out some drivers that I don't use, like
some SCSI devices and some ISA network interfaces, etc. The new kernel seems
to work great.

However, today (on Friday) I had another weird encounter. This afternoon,
for several minutes, I was unable to connect to the server at all: all tcp
connection appeared to hang indefinitely! But ping worked and it was fast as
always. I kept trying to get in via SSH2, and finally I was able to log in
(it took like 2 minutes to get the login prompt, while ping time was
normal). After switching to su, I issued the top command to see what is
going on. I never get any output. The system was apparently so busy with
something that top could not work. I had to force-close that connection. For
several minutes I tried to log in again via SSH2, I just wanted to issue a
reboot command at this time. When I was about to give up, suddenly, after
like 5 minutes the login prompt appeared and I was able to log in. Since then
EVERYTHING is working fine, I didn't even have to reboot, the server is still
sshd stops accepting connections
Hello

Today I suddenly couldn't log in via ssh to a server I upgraded to
FreeBSD 5.3-RELEASE 4 days ago. When I tried to connect to port 22 using
telnet(1) the following just happened:

[EMAIL PROTECTED]:~] telnet 192.168.3.2 22
Trying 192.168.3.2...
Connected to jet.nitro.dk.
Escape character is '^]'.
Connection closed by foreign host.

The server had been running FreeBSD 5.2.1 for a while without
problems. After logging in on the console and sending the sshd master
process a -HUP I could log in again (and I get the normal banner when
connecting to the port with telnet(1)). I can't really see in the log
what happened, but there is a lot of "stale" sshd's hanging around,
like:

root 46015 0,0 0,4 4928 2220 ?? I Ons08pm 0:00,01 sshd: blah [pam] (sshd)
root 58286 0,0 0,4 4920 2236 ?? Is Tor12pm 0:00,04 sshd: pascal [priv] (sshd)
sshd 58287 0,0 0,0 0 0 ?? Z Tor12pm 0:00,03
root 58288 0,0 0,4 4928 2236 ?? I Tor12pm 0:00,01 sshd: pascal [pam] (sshd)
root 58932 0,0 0,4 4920 2236 ?? Is Tor01pm 0:00,05 sshd: ole_gudiksen [priv] (sshd)
sshd 58934 0,0 0,0 0 0 ?? Z Tor01pm 0:00,06
root 58935 0,0 0,4 4928 2236 ?? I Tor01pm 0:00,01 sshd: ole_gudiksen [pam] (sshd)

pstree shows the connection between some of the processes like this:

 | |-+= 58286 root sshd: pascal [priv] (sshd)
 | | |--- 58287 sshd
 | | \--- 58288 root sshd: pascal [pam] (sshd)

From all.log:

Nov 11 12:04:38 nfishbone sshd[58286]: fatal: Timeout before authentication for 82.211.207.191
Nov 11 13:02:34 nfishbone sshd[58932]: fatal: Timeout before authentication for 192.38.66.33

The only odd thing I could find in the logs with regard to ssh was a
few lines like:

Nov 11 22:35:49 nfishbone sshd[62378]: syslogin_perform_logout: logout() returned an error

I don't use any kind of "exotic" authentication on the system, only
standard unix password file and ssh-keys.

Does anybody have an idea of what's going on here, and if it's a ssh
bug or something silly I have done?

--
Simon L. Nielsen
FreeBSD Documentation Team