Help request: problems with a 5.1 server and large numbers of
rabbi at anonymizer.com
Thu Nov 20 16:57:11 PST 2003
> Hmm. Well, it certainly sounds like a resource limit to me,
> especially if
> it's a nice round number like "150" or "300". However, I'm also
> having a
> bit of trouble seeing, off the top of my head, which limit it might be.
> It sounds like you've got the ones I would think of. A quick skim of
> sshd.c suggests that it is pretty careful to document various failure
> modes in debugging output. There are one or two failures where it does
> not log, and they include the call to pipe() in the server loop -- if
> fails, it bails without an error, which is a little surprising. Could
> post server debug output for the first connection to the server that
> fails? This would let us "see how far it got"... In particular,
> it did spawn a child process, etc.
I have never gotten this to fail when sshd is running in debug mode
(i.e., sshd -ddd). However, given that it doesn't fork when run with
-d, that still doesn't tell us too much.
When I set LogLevel DEBUG3, this is as much info as I am given in the
Nov 20 16:39:19 clyde sshd: Failed none for rabbi from 127.0.0.1
port 62701 ssh2
And this is the debug output for the connection, as seen from the
bash-2.05b# ssh -vvv -l rabbi localhost
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [::1] port 22.
socket: Protocol not supported
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
This can't be a system-wide process related resource issue, I don't
think, because once a user connects and authenticates, there are no
problems of note. I'm leaning toward a socket related limit or
user-level limit. However, since sysctl tells me:
I tend to not believe the former, and why the latter would be occurring
escapes me as well.
More information about the freebsd-current