10.1 sshd connections/processes don't die on physical disconnect ( sort-of repost )
Michael Ross
gmx at ross.cx
Wed Oct 22 15:14:28 UTC 2014
Hello,

I dug a bit into the observation I posted here:
http://lists.freebsd.org/pipermail/freebsd-stable/2014-September/079922.html

Problem as follows:

Host A running 10.1-RC1 r272736
Host B running 9.2-STABLE r261716

I connect to both hosts via ssh,
and then I physically interrupt the connection -- pull the network cable
or power down the router.
( simulate ISP forced disconnect ).

Behaviour difference in sshd connections and processes, where the peer
disconnected hard:

9.2-running Host B:
connection and processes disappear after a while ( ~ 2 hours ? )

10.1-running Host A:
connection and processes linger around forever ( > 4 weeks )

Below is a diff between the sshd_config files of the machines.
Changing "PrivilegeSeparation" from "sandbox" back to "yes" does not help.

Hints appreciated.

Host A sockstat lists 41 sshd processes with connected sockets for the
last 13 days,
and I *know* that these are disconnected.

Michael

1,2c1,2
< # $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
< # $FreeBSD: stable/10/crypto/openssh/sshd_config 264692 2014-04-20
12:46:18Z des $
---
> # $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
> # $FreeBSD: release/9.1.0/crypto/openssh/sshd_config 224638
> 2011-08-03 19:14:22Z brooks $
11c11
< # possible, but leave them commented. Uncommented options override the
---
> # possible, but leave them commented. Uncommented options change a
17c17,19
< Port 22
---
> #VersionAddendum FreeBSD-20110503
>
> #Port 22
19c21
< ListenAddress x.x.x.x
---
> #ListenAddress 0.0.0.0
31d32
< #HostKey /etc/ssh/ssh_host_ed25519_key
37,39d37
< # Ciphers and keying
< #RekeyLimit default none
<
43c41
< #LogLevel INFO
---
> LogLevel DEBUG
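Review bot: `LogLevel DEBUG` is an active setting on the `>` side only, while the `<` side leaves `#LogLevel INFO` commented out, so the two hosts do not log at the same level. If DEBUG was enabled just to chase this problem, return the line to its commented form afterwards so both files match again.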
48c46
< PermitRootLogin no
---
> PermitRootLogin yes
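Review bot: `PermitRootLogin yes` on the `>` side allows direct root logins over SSH, whereas the `<` side sets `PermitRootLogin no`. Consider bringing the `>` file in line with `no` and using an unprivileged account plus su or sudo for administration.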
55,62c53
<
< # The default is to check both .ssh/authorized_keys and
.ssh/authorized_keys2
< #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
<
< #AuthorizedPrincipalsFile none
<
< #AuthorizedKeysCommand none
< #AuthorizedKeysCommandUser nobody
---
> #AuthorizedKeysFile .ssh/authorized_keys
92c83
< # and session processing. If this is enabled, PAM authentication will
---
> # and session processing. If this is enabled, PAM authentication will
108d98
< #PermitTTY yes
113c103
< #UsePrivilegeSeparation sandbox
---
> #UsePrivilegeSeparation yes
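Review bot: both lines of this hunk start with `#`, so it records a change in the documented default (`sandbox` versus `yes`) rather than a value either sshd reads from its file. To compare the two modes, the directive has to be uncommented and set explicitly, e.g. `UsePrivilegeSeparation yes`, followed by a restart of sshd.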
120c110
< #MaxStartups 10:30:100
---
> #MaxStartups 10
123d112
< #VersionAddendum FreeBSD-20140420
147d135
< # PermitTTY no
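
Most hunks in the diff above touch only commented lines. As an added example (not part of the original post), the Python below compares only the directives sshd actually reads from each file; the function names are hypothetical and HOST_A / HOST_B are constructed excerpts assembled from the '<' and '>' lines of the diff.

```python
import re

# Keywords sshd accumulates across lines (partial list, an assumption of this
# example); for every other keyword the first value in the file wins.
REPEATABLE = {"port", "listenaddress", "hostkey", "acceptenv", "subsystem"}

def effective(config_text):
    """Map (match_context, keyword) -> tuple of values set in the file."""
    settings, context = {}, "global"
    for raw in config_text.splitlines():
        m = re.match(r"(\w+)[\s=]+(.*)", raw.strip())
        if not m:
            continue                      # blank lines and '#' comments never match
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            context = "match " + value    # following lines apply conditionally
            continue
        values = settings.setdefault((context, keyword), [])
        if keyword in REPEATABLE or not values:
            values.append(value)
    return {k: tuple(v) for k, v in settings.items()}

def effective_diff(text_a, text_b):
    """Return {key: (values_a, values_b)} for settings that really differ."""
    a, b = effective(text_a), effective(text_b)
    return {k: (a.get(k), b.get(k))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

# Constructed excerpts: '<' lines (Host A) and '>' lines (Host B) of the diff.
HOST_A = """\
Port 22
ListenAddress x.x.x.x
#LogLevel INFO
PermitRootLogin no
#UsePrivilegeSeparation sandbox
#MaxStartups 10:30:100
"""
HOST_B = """\
#Port 22
#ListenAddress 0.0.0.0
LogLevel DEBUG
PermitRootLogin yes
#UsePrivilegeSeparation yes
#MaxStartups 10
"""

if __name__ == "__main__":
    for (ctx, kw), (va, vb) in effective_diff(HOST_A, HOST_B).items():
        print(f"{ctx:8} {kw:18} A={va} B={vb}")
```

A value of None means the file does not set that keyword, so that host runs with sshd's built-in default for it.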