Old 06-17-2004, 04:16 PM   #1
d2army
Member
 
Registered: Jun 2004
Posts: 49

Rep: Reputation: 15
OpenSSH 3.4p1 sometimes crashing strangely


Hi there

I have a problem with the OpenSSH 3.4p1 running on my 800 MHz P3, but I am not sure if the problem lies with the SSH itself. There used to be a firewall module running on my Red Hat Linux which is now disabled in /etc/rc.d/rc.firewall

When we have several (as in 4 or 5 or more) SSH connections simultaneously to tale and when the server is running an intense server C program that is involved in a lot of heavy TCP and UDP data processing, the ssh will sometimes lock out with all existing connections kicked out and then not be able to log in again until the server machine is restarted. The server was also acting as a router for several computers which could pretty likely have caused some overload on the server.

However, I am wondering if there could be something quirky going on with the SSH software itself. Should I make any configurations?

Thanks !
 
Old 06-17-2004, 08:29 PM   #2
paeng16
Member
 
Registered: May 2004
Posts: 47

Rep: Reputation: 15
Hi,

I think there is nothing wrong with the SSH. I think you should check the C program that you are running. Does this happen ONLY when you are runnin' the C Prog?

TIP: Don't restart the machine, Just KILL IT! (eg. killall -9 bash)

____________________________________________________
man is our friend my friend!
 
Old 06-17-2004, 11:44 PM   #3
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Actually, you probably want to kill the ssh daemon, not necessarily the hung shells. The shells won't prevent you from logging in again, but if the master sshd process dies or freezes, you sure won't be able to log in that way. Also, don't use -9 unless you absolutely have to. The normal kill command tells the process to shut down nicely. Only use -9 (actually it would be safer to use -KILL, because signal numbers vary by OS) if a normal kill and a little patience doesn't work.

It sounds to me like you might be exhausting all of your available sockets and that is why sshd isn't able to spawn any listeners.

By the way, you're in serious need of an OpenSSH upgrade, that version is way out of date and has a few security vulnerabilities.
 
Old 06-18-2004, 09:14 AM   #4
d2army
Member
 
Registered: Jun 2004
Posts: 49

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by chort
Actually, you probably want to kill the ssh daemon, not necessarily the hung shells. The shells won't prevent you from logging in again, but if the master sshd process dies or freezes, you sure won't be able to log in that way. Also, don't use -9 unless you absolutely have to. The normal kill command tells the process to shut down nicely. Only use -9 (actually it would be safer to use -KILL, because signal numbers vary by OS) if a normal kill and a little patience doesn't work.

It sounds to me like you might be exhausting all of your available sockets and that is why sshd isn't able to spawn any listeners.

By the way, you're in serious need of an OpenSSH upgrade, that version is way out of date and has a few security vulnerabilities.
Yea, I would love to upgrade my SSH to 3.8, but my boss is saying something like "If you upgrade it, how can you be sure there won't be any new problems, and if there are, will you be responsible for them". Yea, I guess I should try to convince him first.

By the way, I have a text file that shows the output of the command "ps -e" when the server crashed. Is there anything possibly amiss?

PID TTY TIME CMD
1 ? 00:00:04 init
2 ? 00:00:00 keventd
3 ? 00:00:00 kapmd
4 ? 00:00:00 ksoftirqd_CPU0
5 ? 00:00:00 kswapd
6 ? 00:00:00 bdflush
7 ? 00:00:00 kupdated
8 ? 00:00:00 mdrecoveryd
12 ? 00:00:00 kjournald
91 ? 00:00:00 khubd
269 ? 00:00:00 kjournald
270 ? 00:00:00 kjournald
726 ? 00:00:00 syslogd
731 ? 00:00:00 klogd
751 ? 00:00:00 portmap
779 ? 00:00:00 rpc.statd
894 ? 00:00:00 apmd
948 ? 00:00:00 sshd
981 ? 00:00:00 xinetd
1003 ? 00:00:00 lpd
1033 ? 00:00:00 sendmail
1052 ? 00:00:00 gpm
1070 ? 00:00:00 crond
1108 ? 00:00:00 atd
1135 ? 00:00:00 rhnsd
1176 ? 00:00:00 httpd
1180 ? 00:00:00 login
1181 tty2 00:00:00 mingetty
1182 tty3 00:00:00 mingetty
1183 tty4 00:00:00 mingetty
1184 tty5 00:00:00 mingetty
1185 tty6 00:00:00 mingetty
1186 ? 00:00:00 httpd
1187 ? 00:00:00 httpd
1188 ? 00:00:00 httpd
1189 ? 00:00:00 httpd
1190 ? 00:00:00 httpd
1191 ? 00:00:00 httpd
1192 ? 00:00:00 httpd
1193 ? 00:00:00 httpd
1786 tty1 00:00:00 bash
1873 ? 00:00:00 dhcpcd
1930 tty1 00:00:00 ps

Are there too many httpds? Well, you see for our project, the server also has this web page with an embedded Java applet within it that users can all access over the Internet. Hence, when several users access the applet, could this be a problem, too?

In the meantime, I am going to take you guys' suggestion and go look through the C program again

THZ

Last edited by d2army; 06-18-2004 at 09:26 AM.
 
Old 06-18-2004, 05:16 PM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Quote:
Yea, I would love to upgrade my SSH to 3.8, but my boss is saying something like "If you upgrade it, how can you be sure there won't be any new problems, and if there are, will you be responsible for them".
Ask him this:
"What's worse, that there may be a slight problem with the newer software, or having all our machines systematically hacked using well known and published OpenSSH buffer overflows?". If he knows that certain software is completely vulnerable to attack and could lead to every machine getting rooted, yet he does not upgrade, he will be responsible. I wonder how he would like to explain that to the board of directors? "Uhh, we didn't fix the severe security flaws because we were afraid the newer software might act weird". Right, that will go over well.

You can very easily search the web (or better yet, the SecurityFocus mailing list for SecureShell) to see if anyone has reported problems running OpenSSH 3.8.x on your OS.

By the way, it's for exactly this reason that test labs exist. You should have a small network setup in a lab where you can test new software to make sure it works OK with your OS prior to installing it on production systems. At worst you would need two machines and a switch or hub to test this out. If they're test machines, you can safely wipe them out and reinstall at any time, so you could put whatever OS on there you need, test the 3.4 software, then upgrade to 3.8 and see what changes. Make sure you read the release notes completely before upgrading so you know if you need to make any configuration changes.

The output of ps is really not going to help you. What you want is top (to see which process is using all the resources), netstat (to see how many connections have been started), and memory usage (I think you view that with the "free" command on Linux, but maybe I'm thinking of Solaris...).

Last edited by chort; 06-18-2004 at 05:19 PM.
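
The socket-exhaustion theory and the netstat suggestion above can be checked with a per-state tally of TCP sockets. This is an added example, not part of the original posts; the function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise TCP socket states from `netstat -tan` output.
# Reads netstat output on stdin; prints "STATE COUNT", highest count first.
tcp_state_summary() {
    awk '$1 ~ /^tcp/ { n[$NF]++ }
         END { for (s in n) print s, n[s] }' | sort -k2,2nr -k1,1
}

# Count sockets in one state (e.g. CLOSE_WAIT) from netstat output on stdin.
tcp_state_count() {
    awk -v want="$1" '$1 ~ /^tcp/ && $NF == want { c++ } END { print c + 0 }'
}

# Count non-listening sockets on one local port, to see which service
# (sshd on 22, httpd on 80, a custom server) is holding them.
tcp_port_count() {
    awk -v port="$1" '$1 ~ /^tcp/ && $NF != "LISTEN" {
            n = split($4, a, ":"); if (a[n] == port) c++ }
        END { print c + 0 }'
}

# Constructed sample in Linux `netstat -tan` format (documentation addresses).
# Port 9000 stands in for the custom C server; that port is an assumption.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.8:51001      TIME_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.8:51002      TIME_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.9:51777      CLOSE_WAIT
tcp        0      0 192.0.2.10:9000         198.51.100.9:33001      CLOSE_WAIT
tcp        0      0 192.0.2.10:9000         198.51.100.9:33002      CLOSE_WAIT'

printf '%s\n' "$SAMPLE" | tcp_state_summary
# On a live host: netstat -tan | tcp_state_summary
```

A CLOSE_WAIT count that keeps growing means a local program is not closing sockets after the peer has hung up, which points at the application rather than at sshd.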
 
Old 06-21-2004, 05:26 PM   #6
bastard23
Member
 
Registered: Mar 2003
Distribution: Debian
Posts: 275

Rep: Reputation: 30
d2army

Does everything else work? (i.e. your network program). Looking at your proc list, you have

1873 ? 00:00:00 dhcpcd

This would be your DHCP client. Is it something that is run manually? It has a higher PID than your shell. You should browse the logs to see if it is changing your IP address. If it is, you will lose all your current connections. sshd may be listening to one IP address, not every address. (Check the ListenAddress in /etc/ssh/sshd_config.) Perhaps you can lock down your address w/ the DHCP server. If this machine is a router to other machines, you probably don't want a DHCP client at all (YMMV).

Just a stab in the dark,
chris

P.S. Unless you trust your network (and you shouldn't), you should make sure your openssh is properly patched/upgraded.
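
The ListenAddress check suggested in the post above can be scripted so that a DHCP address change is caught before it locks people out. This is an added example, not part of the original posts; the function name, sample config and addresses are constructed, and it handles only the IPv4 `addr` and `addr:port` forms.

```shell
#!/bin/sh
# Added example: flag sshd ListenAddress entries that are no longer
# configured on the host (for instance after a DHCP lease change).
# $1 = path to sshd_config, $2 = space-separated current IPv4 addresses.
# Prints one line per ListenAddress: "OK addr" or "MISSING addr".
check_listen_addresses() {
    awk -v have="$2" '
        BEGIN { n = split(have, h, " "); for (i = 1; i <= n; i++) cur[h[i]] = 1 }
        tolower($1) == "listenaddress" {      # keywords are case-insensitive
            found = 1
            addr = $2
            sub(/:[0-9]+$/, "", addr)         # drop optional :port (IPv4 form)
            if (addr == "0.0.0.0" || (addr in cur)) print "OK", addr
            else print "MISSING", addr
        }
        # With no ListenAddress line, sshd listens on all local addresses.
        END { if (!found) print "OK 0.0.0.0 (default: all addresses)" }
    ' "$1"
}

# Constructed sample config (documentation address ranges).
SAMPLE_CFG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
Port 22
#ListenAddress 0.0.0.0
ListenAddress 192.0.2.10
listenaddress 10.0.0.1:2222
EOF
# Constructed scenario: the DHCP lease moved the external address to 192.0.2.57.
CURRENT_ADDRS="127.0.0.1 10.0.0.1 192.0.2.57"

check_listen_addresses "$SAMPLE_CFG" "$CURRENT_ADDRS"
# On a live host with iproute2, the address list could come from:
#   ip -o -4 addr show | awk '{ sub(/\/.*/, "", $4); print $4 }'
```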
 
  

