Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 20 Nov 2003 10:56:08 -0500 (EST)
From:      Robert Watson <rwatson@freebsd.org>
To:        Len Sassaman <rabbi@anonymizer.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: Help request: problems with a 5.1 server and large numbers of ssh	users.
Message-ID:  <Pine.NEB.3.96L.1031120104909.19991E-100000@fledge.watson.org>
In-Reply-To: <0C8643E8-1B1A-11D8-B160-000A959E7C72@anonymizer.com>

next in thread | previous in thread | raw e-mail | index | archive | help

On Wed, 19 Nov 2003, Len Sassaman wrote:

> It is my intuition from this behavior that the sshd master process
> listening for connections is unable to spawn a new process to complete
> the authentication step, and thus the connection is being dropped. There
> is no information of use in dmesg, nor in the system logs. (I've cranked
> up LogLevel to DEBUG3 in sshd_config). 
> 
> I have a RedHat Linux server running the 2.4.18-3smp kernel on a dual
> Athlon MP 1800+ and 2048MB RAM that is known to handle 1000 users
> without issue -- so I have to believe the FreeBSD box, though not as
> beefy hardware-wise, should be able to do better than a few hundred
> users. I believe this to be some sort of resource limit issue, but I
> have addressed everything I could think of. 

Hmm.  Well, it certainly sounds like a resource limit to me, especially if
it's a nice round number like "150" or "300".  However, I'm also having a
bit of trouble seeing, off the top of my head, which limit it might be. 
It sounds like you've got the ones I would think of.  A quick skim of
sshd.c suggests that it is pretty careful to document various failure
modes in debugging output.  There are one or two failures where it does
not log, and they include the call to pipe() in the server loop -- if that
fails, it bails without an error, which is a little surprising.  Could you
post server debug output for the first connection to the server that
fails?  This would let us "see how far it got"...  In particular, whether
it did spawn a child process, etc.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1031120104909.19991E-100000>