From owner-freebsd-hackers@FreeBSD.ORG Mon May 19 10:16:12 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D4B6737B401 for ; Mon, 19 May 2003 10:16:12 -0700 (PDT) Received: from mail.econolodgetulsa.com (mail.econolodgetulsa.com [198.78.66.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4E55243F75 for ; Mon, 19 May 2003 10:16:12 -0700 (PDT) (envelope-from user@mail.econolodgetulsa.com) Received: from mail (mail [198.78.66.163])h4JHGSeq030974 for ; Mon, 19 May 2003 10:16:28 -0700 (PDT) (envelope-from user@mail.econolodgetulsa.com) Date: Mon, 19 May 2003 10:16:28 -0700 (PDT) From: Josh Brooks To: freebsd-hackers@freebsd.org Message-ID: <20030519100216.S46314-100000@mail.econolodgetulsa.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: ssh pty alloc broken in 4.8, just like it was in 4.4 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 May 2003 17:16:13 -0000 Folks, In FreeBSD 4.4, if you set up a system with say ... 10-12 jails on it, and every jail user started 2-3 ssh logins, or a few screen sessions, etc., you would start to see people refused their logins - that is, they could not longer ssh into their server OR create additional screen windows. Even if you the following in the kernel: maxusers 512 pseudo-device pty 256 # Pseudo-ttys (telnet etc) and, _did_ the following in the base system /dev _and_ in the /dev of all the jailed systems: cd /dev for i in 1 2 3 4 5 6 7 ; do sh MAKEDEV pty$i ; done You would still see this problem. After a few discussions on -hackers, I was told that there was actually a bug in the sshd/ssh in 4.4 that affected its pty/tty allocation, and it seems as if this was true, because since 4.4 I have never seen this again. ----- Now it is back in 4.8. Maybe slightly different, but here is what I am seeing: With appropriate lines set in the kernel: maxusers 512 pseudo-device pty 256 # Pseudo-ttys (telnet etc) and with every pty created in /dev of the base system _and_ inside every jail: cd /dev for i in 1 2 3 4 5 6 7 ; do sh MAKEDEV pty$i ; done I now have jail users that cannot log in at all. When they attempt to ssh to their system they see: Warning: Remote host failed or refused to allocate a pseudo tty. and in /var/log/messages they see: May 10 10:38:18 jail sshd[455]: error: openpty: No such file or directory May 10 10:38:18 jail sshd[456]: error: session_pty_req: session 4 alloc failed So that's that. Again, identical machine, identical configuration, and _fewer_ jails than an identical 4.7 system I have running - haven't seen this happen since 4.4 and am very disappointed to see the error reintroduced now. a) what can I do to fix this, and what further troubleshooting can I do to help you solve this problem ? b) On the outside chance that this problem really does not occur in 4.8, and in reality I have some third issue that just ate up a ton of ptys in some weird way that is easy to reset, what is a good way to see all the ptys in use and their uses ? Any help it appreciated - as you can imagine, this is a fairly serious issue. Thanks!