sshd with zombie process on FreeBSD 10.0-STABLE - workaround
Nimrod Levy
n1mr0d at nimrod.is-a-geek.net
Wed Mar 19 16:56:34 UTC 2014
I recently ran into a very similar sounding issue on a juniper router
(JunOS is based on FreeBSD) that ended up being a timing issue when the
devices were sending ACKs. Basically, the client tries to close the
session with a FIN, but the server (or in my case, a router) was delaying
sending ACKs and disregarded the FIN. When the client subsequently
received an SSH packet, an RST was sent out from the client and the
connection was closed. The socket on the server remained open and we saw a
similar stuck process.
One workaround was to set
sysctl -w net.inet.tcp.delayed_ack=0
On Wed, Mar 19, 2014 at 11:01 AM, Kevin Oberman <rkoberman at gmail.com> wrote:
> On Wed, Mar 19, 2014 at 6:00 AM, Marcelo Gondim <gondim at bsdinfo.com.br
> >wrote:
>
> > Hi all,
> >
> > While the solution does not appear, did the script below and put it in
> > crontab to automatically delete zombie sshd processes.
> >
> > the_walking_dead.sh:
> >
> > #!/bin/sh
> > kill -9 `ps afx|grep sshd|grep unknown|awk '{print $1}'`
> >
> >
> > Put this in /etc/crontab:
> >
> > 00 1 * * * root the_walking_dead.sh
> >
> >
> If 'kill -9' works, the process is not really a zombie. It simply still has
> a socket open and is waiting for it to be closed before exiting.
>
> You might takes a look at network sockets with sockstat(1) and see if you
> can get any indication of why these sockets are not being closed. It may be
> that the issue is not sshd but some other issue in the OS leaving sockets
> open.
>
> --
> R. Kevin Oberman, Network Engineer, Retired
> E-mail: rkoberman at gmail.com
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
>
More information about the freebsd-stable
mailing list