From: "Michael Ross"
To: "FreeBSD Stable Mailing List"
Date: Wed, 22 Oct 2014 16:49:05 +0200
Subject: 10.1 sshd connections/processes don't die on physical disconnect ( sort-of repost )

Hello,

I dug a bit into the observation I posted here:
http://lists.freebsd.org/pipermail/freebsd-stable/2014-September/079922.html

Problem as follows:

Host A running 10.1-RC1 r272736
Host B running 9.2-STABLE r261716

I connect to both hosts via ssh, and then I physically interrupt the connection -- pull the network cable or power down the router.
( simulate ISP forced disconnect ).

Behaviour difference in sshd connections and processes, where the peer disconnected hard:

9.2-running Host B: connection and processes disappear after a while ( ~ 2 hours ? )
10.1-running Host A: connection and processes linger around forever ( > 4 weeks )

Below is a diff between the sshd_config files of the machines. Changing "PrivilegeSeparation" from "sandbox" back to "yes" does not help.

Hints appreciated.

Host A sockstat lists 41 sshd processes with connected sockets for the last 13 days, and I *know* that these are disconnected.

Michael

1,2c1,2 < # $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $ < # $FreeBSD: stable/10/crypto/openssh/sshd_config 264692 2014-04-20 12:46:18Z des $ --- > # $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ > # $FreeBSD: release/9.1.0/crypto/openssh/sshd_config 224638 > 2011-08-03 19:14:22Z brooks $ 11c11 < # possible, but leave them commented. Uncommented options override the --- > # possible, but leave them commented. Uncommented options change a 17c17,19 < Port 22 --- > #VersionAddendum FreeBSD-20110503 > > #Port 22 19c21 < ListenAddress x.x.x.x --- > #ListenAddress 0.0.0.0 31d32 < #HostKey /etc/ssh/ssh_host_ed25519_key 37,39d37 < # Ciphers and keying < #RekeyLimit default none < 43c41 < #LogLevel INFO --- > LogLevel DEBUG 48c46 < PermitRootLogin no --- > PermitRootLogin yes 55,62c53 < < # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 < #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 < < #AuthorizedPrincipalsFile none < < #AuthorizedKeysCommand none < #AuthorizedKeysCommandUser nobody --- > #AuthorizedKeysFile .ssh/authorized_keys 92c83 < # and session processing.
If this is enabled, PAM authentication will 108d98 < #PermitTTY yes 113c103 < #UsePrivilegeSeparation sandbox --- > #UsePrivilegeSeparation yes 120c110 < #MaxStartups 10:30:100 --- > #MaxStartups 10 123d112 < #VersionAddendum FreeBSD-20140420 147d135 < # PermitTTY no
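
Review bot: In the 113c103 hunk both sides are commented out (`#UsePrivilegeSeparation sandbox` vs `#UsePrivilegeSeparation yes`), so it only records a change of the documented default, and no hunk in this diff touches `TCPKeepAlive`, `ClientAliveInterval` or `ClientAliveCountMax`. The two files therefore do not differ in any dead-peer detection setting, and the file diff cannot account for the lingering sessions on its own. Comparing the effective configuration of both daemons (the output of `sshd -T` on each host) would show whether the compiled-in defaults differ between the two OpenSSH versions. Setting `ClientAliveInterval` and `ClientAliveCountMax` explicitly on the 10.1 host would make sshd itself disconnect clients that stop answering, independent of TCP-level keepalives.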
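
Review bot: In the 48c46 hunk the 9.x file (the `>` side, per its `$FreeBSD: release/9.1.0/...` header) has `PermitRootLogin yes` uncommented, while the 10.x file sets `PermitRootLogin no`. Unless direct root login is needed on that host, align it with the `<` side, or use `without-password` if root must log in with a key.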
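
Review bot: In the 43c41 hunk the `>` side runs with `LogLevel DEBUG` where the other host keeps the commented default `#LogLevel INFO`. The sshd_config manual advises against DEBUG levels in normal operation because they log details that violate user privacy. If it was enabled to investigate this problem, raise the level on the 10.1 host instead, since that is the one showing the lingering sessions, and revert to `INFO` afterwards.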