Date: Thu, 20 Nov 2003 10:56:08 -0500 (EST) From: Robert Watson <rwatson@freebsd.org> To: Len Sassaman <rabbi@anonymizer.com> Cc: freebsd-current@freebsd.org Subject: Re: Help request: problems with a 5.1 server and large numbers of ssh users. Message-ID: <Pine.NEB.3.96L.1031120104909.19991E-100000@fledge.watson.org> In-Reply-To: <0C8643E8-1B1A-11D8-B160-000A959E7C72@anonymizer.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 19 Nov 2003, Len Sassaman wrote: > It is my intuition from this behavior that the sshd master process > listening for connections is unable to spawn a new process to complete > the authentication step, and thus the connection is being dropped. There > is no information of use in dmesg, nor in the system logs. (I've cranked > up LogLevel to DEBUG3 in sshd_config). > > I have a RedHat Linux server running the 2.4.18-3smp kernel on a dual > Athlon MP 1800+ and 2048MB RAM that is known to handle 1000 users > without issue -- so I have to believe the FreeBSD box, though not as > beefy hardware-wise, should be able to do better than a few hundred > users. I believe this to be some sort of resource limit issue, but I > have addressed everything I could think of. Hmm. Well, it certainly sounds like a resource limit to me, especially if it's a nice round number like "150" or "300". However, I'm also having a bit of trouble seeing, off the top of my head, which limit it might be. It sounds like you've got the ones I would think of. A quick skim of sshd.c suggests that it is pretty careful to document various failure modes in debugging output. There are one or two failures where it does not log, and they include the call to pipe() in the server loop -- if that fails, it bails without an error, which is a little surprising. Could you post server debug output for the first connection to the server that fails? This would let us "see how far it got"... In particular, whether it did spawn a child process, etc. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1031120104909.19991E-100000>