SSH failing randomly in 4.7-REL

Thu Apr 3 11:08:31 PST 2003

I appreciate the help so far in trying to get these X terminals going.
Unfortunately, I have discovered another oddity, this time with sshd and
dhclient. I'm not sure if they are related or not.

The first is with sshd. Randomly, and for no apparent reason, sshd will
refuse to allow logins. Instead, it dumps me out with:

whitetower# ssh dhcp3
Password:
Connection to dhcp3 closed by remote host.
Connection to dhcp3 closed.

Interestingly, I can usually clear this up with a reboot. For example,
dhcp3 would allow logins up until recently and other machines wouldn't.
Now, it is refusing logins - and other machines are. They were all
rebooted at about the same time,

All of these machines are binary identical - including their RSA/DSA key
pairs. This was supposed to make it easier, considering they all obtain
IP addresses via DHCP.

The other is with dhclient. When sshd starts refusing to respond, dhclient
is invariably ballooned out to 13-14Mb of RAM usage - and is quite dead. I
tested this by invalidating all DHCP leases at the server, and the
machines didn't renew leases. Normally, dhclient has an image size of
about 932kB.

I think I might be able to partly explain this behavior based on other
strangeness in the logs. I get a bunch of messages from something called
arpresolver stating that 192.168.1.1 isn't on the local network.
(192.168.1.1 is the XDM host, which each terminal is programmed to
query). I also get messages from arpresolver about 192.168.1.254 (the
router) not being on the local network. The kicker is that ifconfig
reports that the local ip address is 192.168.1.x (where x is from 2 to 33)

running arp -a produces a list of hosts with "incomplete" MAC addresses. I
can manually ping hosts, and from then on arp will show the correct MAC
address. I can also ping the hosts (even when they are "dead"), and they
respond. I don't see ANY messages from aue0 regarding the interface going
down, and I know the adapters are good (they have been running under linux
24/7 for months). Traffic is fairly light right now, because the app
server is still under construction. Right now, they have nothing but the
static xdm login screen on their displays.

Lastly, even when the arp table is rebuilt by pinging hosts, sshd won't
allow incoming connections. It doesn't sever existing connections, though.
I have existing connections to each machine which are still working - but
no new connections.

I don't even know where to start with providing background info - but here
is some:

All of these machines have identical hardware. They use Linksys USB100TX
USB network interfaces, and are on a 100Mb ethernet segment. The machines
themselves are AMD K6-2+ systems, with 32Mb of RAM. The boot volume is a
16Mb sandisk, and they mount everything but /etc, /dev, and /boot from a
microdrive.

BTW - I have (for the moment) started mounting the sandisk read-write, but
the problem still occurs. It doesn't seem to make a difference whether /
is mounted read-only or not.

Many thanks,
Seth Henry