bin/54394: SSH/v1 leaves dead processes after session ends (4.8-REL)

Paul Civati paul at xciv.org
Fri Jul 11 11:00:26 PDT 2003


>Number:         54394
>Category:       bin
>Synopsis:       SSH/v1 leaves dead processes after session ends (4.8-REL)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jul 11 11:00:25 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Paul Civati
>Release:        FreeBSD 4.8-RELEASE i386
>Organization:
>Environment:
 FreeBSD 4.8-RELEASE i386

>Description:

Between 4.7-REL and 4.8-REL ssh was upgraded and now exhibits the
following bug.

If you connect with protocol v1 you get three ssh processes, one of
which never dies, even after the ssh session has been closed.

% ps aux | grep ssh
root      219  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: paul [priv
root      265  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: paul [priv
root      580  0.0  0.3  2592  640  ??  Is   Wed09PM   0:01.54 /usr/sbin/sshd
root      584  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: root [priv
root      592  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: root [priv
root     1687  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: root [priv
root     5077  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: root [priv
root    40458  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: paul [priv
root    40467  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: paul [priv
root    41042  0.0  0.0  4076    0  ??  IW   -         0:00.00 sshd: paul [priv
root    79545  0.0  0.6  5292 1568  ??  I    10:33AM   0:00.03 sshd: paul [priv
root    79547  0.0  0.6  4076 1532  ??  I    10:33AM   0:00.00 sshd: paul [priv
paul    79548  0.0  0.7  5292 1656  ??  S    10:33AM   0:00.41 sshd: paul at ttyp0
root    80170  0.0  0.7  5292 1624  ??  I    11:07AM   0:00.03 sshd: paul [priv
root    80172  0.0  0.6  4076 1592  ??  I    11:07AM   0:00.00 sshd: paul [priv
paul    80173  0.0  0.8  5292 2044  ??  I    11:07AM   0:00.01 sshd: paul at ttypc
root    80290  0.0  0.7  5292 1644  ??  I    11:12AM   0:00.02 sshd: paul [priv
paul    80319  0.0  0.7  5292 1704  ??  I    11:14AM   0:00.01 sshd: paul at ttypd

You'll see the dead ssh processes without any timestamp, two open v1
connections with three processes, and one v2 connection with just two
processes.

The nasty problem with this I've found is that once you reach a certain
number of these dead processes lying around, ssh seems to start refusing
connections with:

ssh_exchange_identification: Connection closed by remote host

Hence this bug has been submitted as 'serious' severity.

>How-To-Repeat:

Connect to sshd in 4.8-REL using protocol v1 and then close the session.

>Fix:

Use SSH protocol v2. ;)
>Release-Note:
>Audit-Trail:
>Unformatted:


More information about the freebsd-bugs mailing list