Date: Wed, 22 Oct 2014 16:49:05 +0200
From: "Michael Ross" <gmx@ross.cx>
To: "FreeBSD Stable Mailing List" <freebsd-stable@freebsd.org>
Subject: 10.1 sshd connections/processes don't die on physical disconnect ( sort-of repost )
Message-ID: <op.xn4zf3zeg7njmm@michael-think.fritz.box>
Hello,

I dug a bit into the observation I posted here:
http://lists.freebsd.org/pipermail/freebsd-stable/2014-September/079922.html

Problem as follows:

Host A running 10.1-RC1 r272736
Host B running 9.2-STABLE r261716

I connect to both hosts via ssh, and then I physically interrupt the connection -- pull the network cable or power down the router. ( simulate ISP forced disconnect ).

Behaviour difference in sshd connections and processes, where the peer disconnected hard:

9.2-running Host B: connection and processes disappear after a while ( ~ 2 hours ? )
10.1-running Host A: connection and processes linger around forever ( > 4 weeks )

Below is a diff between the sshd_config files of the machines. Changing "PrivilegeSeparation" from "sandbox" back to "yes" does not help.

Hints appreciated.

Host A sockstat lists 41 sshd processes with connected sockets for the last 13 days, and I *know* that these are disconnected.

Michael

1,2c1,2 < # $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $ < # $FreeBSD: stable/10/crypto/openssh/sshd_config 264692 2014-04-20 12:46:18Z des $ --- > # $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ > # $FreeBSD: release/9.1.0/crypto/openssh/sshd_config 224638 > 2011-08-03 19:14:22Z brooks $ 11c11 < # possible, but leave them commented. Uncommented options override the --- > # possible, but leave them commented. 
Uncommented options change a 17c17,19 < Port 22 --- > #VersionAddendum FreeBSD-20110503 > > #Port 22 19c21 < ListenAddress x.x.x.x --- > #ListenAddress 0.0.0.0 31d32 < #HostKey /etc/ssh/ssh_host_ed25519_key 37,39d37 < # Ciphers and keying < #RekeyLimit default none < 43c41 < #LogLevel INFO --- > LogLevel DEBUG 48c46 < PermitRootLogin no --- > PermitRootLogin yes 55,62c53 < < # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 < #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 < < #AuthorizedPrincipalsFile none < < #AuthorizedKeysCommand none < #AuthorizedKeysCommandUser nobody --- > #AuthorizedKeysFile .ssh/authorized_keys 92c83 < # and session processing. If this is enabled, PAM authentication will --- > # and session processing. If this is enabled, PAM authentication will 108d98 < #PermitTTY yes 113c103 < #UsePrivilegeSeparation sandbox --- > #UsePrivilegeSeparation yes 120c110 < #MaxStartups 10:30:100 --- > #MaxStartups 10 123d112 < #VersionAddendum FreeBSD-20140420 147d135 < # PermitTTY no
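
Review bot: none of the hunks from 1,2c1,2 through 147d135 touches TCPKeepAlive, ClientAliveInterval or ClientAliveCountMax, so both files carry identical lines for those options and this diff cannot account for the difference in how dead peers are handled; the UsePrivilegeSeparation line in 113c103 is commented out on both sides and only documents a changed default. Setting ClientAliveInterval and ClientAliveCountMax explicitly in the left-hand (<) file would make sshd itself drop peers that stop answering, independent of transport-level keepalives. Separately, the right-hand (>) file has PermitRootLogin yes active in 48c46 and LogLevel DEBUG active in 43c41; both are worth tightening once the debugging is finished.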