I have a problem with the OpenSSH 3.4p1 running on my 800 MHz P3, but I am not sure if the problem lies with the SSH itself. There used to be a firewall module running on my Red Hat Linux which is now disabled in /etc/rc.d/rc.firewall.
When we have several (as in 4 or 5 or more) SSH connections simultaneously to tale and when the server is running an intense server C program that is involved in a lot of heavy TCP and UDP data processing, the ssh will sometimes lock out with all existing connections kicked out and then not be able to log in again until the server machine is restarted. The server was also acting as a router for several computers which could pretty likely have caused some overload on the server.
However, I am wondering if there could be something quirky going on with the SSH software itself. Should I make any configurations?
I think there is nothing wrong with the SSH. I think you should check the C program that you are running. Does this happen ONLY when you are runnin' the C Prog?
TIP: Don't restart the machine, Just KILL IT! (eg. killall -9 bash)
____________________________________________________
man is our friend my friend!
Actually, you probably want to kill the ssh daemon, not necessarily the hung shells. The shells won't prevent you from logging in again, but if the master sshd process dies or freezes, you sure won't be able to log in that way. Also, don't use -9 unless you absolutely have to. The normal kill command tells the process to shut down nicely. Only use -9 (actually it would be safer to use -KILL, because signal numbers vary by OS) if a normal kill and a little patience doesn't work.
It sounds to me like you might be exhausting all of your available sockets and that is why sshd isn't able to spawn any listeners.
By the way, you're in serious need of an OpenSSH upgrade, that version is way out of date and has a few security vulnerabilities.
Quote:
Originally posted by chort
Actually, you probably want to kill the ssh daemon, not necessarily the hung shells. The shells won't prevent you from logging in again, but if the master sshd process dies or freezes, you sure won't be able to log in that way. Also, don't use -9 unless you absolutely have to. The normal kill command tells the process to shut down nicely. Only use -9 (actually it would be safer to use -KILL, because signal numbers vary by OS) if a normal kill and a little patience doesn't work.
It sounds to me like you might be exhausting all of your available sockets and that is why sshd isn't able to spawn any listeners.
By the way, you're in serious need of an OpenSSH upgrade, that version is way out of date and has a few security vulnerabilities.
Yea, I would love to upgrade my SSH to 3.8, but my boss is saying something like "If you upgrade it, how can you be sure there won't be any new problems, and if there are, will you be responsible for them?" Yea, I guess I should try to convince him first.
By the way, I have a text file that shows the output of the command "ps -e" when the server crashed. Is there anything possibly amiss?
Are there too many httpds? Well, you see for our project, the server also has this web page with an embedded Java applet within it that users can all access over the Internet. Hence, when several users access the applet, could this be a problem, too?
In the meantime, I am going to take you guys' suggestion and go look through the C program again.
Quote:
Yea, I would love to upgrade my SSH to 3.8, but my boss is saying something like "If you upgrade it, how can you be sure there won't be any new problems, and if there are, will you be responsible for them?"
Ask him this:
"What's worse, that there may be a slight problem with the newer software, or having all our machines systematically hacked using well known and published OpenSSH buffer overflows?". If he knows that certain software is completely vulnerable to attack and could lead to every machine getting rooted, yet he does not upgrade, he will be responsible. I wonder how he would like to explain that to the board of directors? "Uhh, we didn't fix the severe security flaws because we were afraid the newer software might act weird". Right, that will go over well.
You can very easily search the web (or better yet, the SecurityFocus mailing list for SecureShell) to see if anyone has reported problems running OpenSSH 3.8.x on your OS.
By the way, it's for exactly this reason that test labs exist. You should have a small network setup in a lab where you can test new software to make sure it works OK with your OS prior to installing it on production systems. At worst you would need two machines and a switch or hub to test this out. If they're test machines, you can safely wipe them out and reinstall at any time, so you could put whatever OS on there you need, test the 3.4 software, then upgrade to 3.8 and see what changes. Make sure you read the release notes completely before upgrading so you know if you need to make any configuration changes.
The output of ps is really not going to help you. What you want is top (to see which process is using all the resources), netstat (to see how many connections have been started), and memory usage (I think you view that with the "free" command on Linux, but maybe I'm thinking of Solaris...).
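An added example, not part of the original posts: one way to turn the netstat check suggested above into numbers, by counting TCP sockets per state and per local port from `netstat -tan` output. The function names and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise TCP socket states from `netstat -tan` output.
# Both functions read netstat-style lines on stdin, so they also work on a
# capture saved before the machine was restarted.

# Print "STATE count" for every TCP state seen, sorted by state name.
tcp_state_summary() {
    awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print s, n[s] }' | sort
}

# Count sockets on local port $1 that are in state $2.
# Usage: conns_on_port 22 ESTABLISHED < capture.txt
conns_on_port() {
    awk -v p="$1" -v st="$2" '
        $1 ~ /^tcp/ {
            k = split($4, a, ":")      # field 4 is the local address:port
            if (a[k] == p && $6 == st) c++
        }
        END { print c + 0 }'
}

# Constructed sample capture (documentation addresses, not the poster's data).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.8:40113      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51000       TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.5:51001       TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.6:51002       CLOSE_WAIT
EOF
}

# On a live system: netstat -tan | tcp_state_summary
if [ "${1:-}" = "--demo" ]; then
    sample_netstat | tcp_state_summary
    echo "ssh established: $(sample_netstat | conns_on_port 22 ESTABLISHED)"
fi
```

A missing LISTEN entry for port 22, or a large and growing count in one state on the busy ports, is the kind of evidence that separates a dead sshd from resource exhaustion.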
Does everything else work? (i.e. your network program). Looking at your proc list, you have
1873 ? 00:00:00 dhcpcd
This would be your DHCP client. Is it something that is run manually? It has a higher PID than your shell. You should browse the logs to see if it is changing your IP address. If it is, you will lose all your current connections. sshd may be listening to one IP address, not every address. (Check the ListenAddress in /etc/ssh/sshd_config.) Perhaps you can lock down your address w/ the DHCP server. If this machine is a router to other machines, you probably don't want a DHCP client at all (YMMV).
Just a stab in the dark,
chris
P.S. Unless you trust your network (and you shouldn't), you should make sure your openssh is properly patched/upgraded.
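An added example, not part of the original post: a sketch of the ListenAddress check described above, listing addresses that sshd_config binds to but that the host no longer holds (for instance after a DHCP lease change). The function names and sample config are constructed; the host's current addresses are passed in as arguments.

```shell
#!/bin/sh
# Added example: find ListenAddress values that the host no longer holds.

# Print each ListenAddress value from the sshd_config file $1, port stripped.
# Keywords are case-insensitive; commented-out lines are ignored.
listen_addrs() {
    awk 'tolower($1) == "listenaddress" {
            v = $2
            if (v ~ /^\[/) { sub(/^\[/, "", v); sub(/\].*$/, "", v) }   # [v6]:port
            else if (gsub(/:/, ":", v) == 1) sub(/:.*$/, "", v)         # host:port
            print v
         }' "$1"
}

# Usage: stale_listen_addrs CONFIG CURRENT_ADDR...
# Prints configured addresses missing from the current list.
# Returns 0 if every configured address is present, 1 otherwise.
stale_listen_addrs() {
    cfg=$1; shift
    stale=0
    for want in $(listen_addrs "$cfg"); do
        case "$want" in 0.0.0.0|::) continue ;; esac   # wildcard: all addresses
        found=0
        for have in "$@"; do
            if [ "$have" = "$want" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then echo "$want"; stale=1; fi
    done
    return "$stale"
}

# Constructed sample config fragment (documentation addresses).
sample_sshd_config() {
    cat <<'EOF'
Port 22
#ListenAddress 0.0.0.0
ListenAddress 192.0.2.10
listenaddress 192.0.2.11:2222
ListenAddress [2001:db8::1]:22
EOF
}
```

A config with no ListenAddress line at all produces no output, since sshd then listens on every local address.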