From owner-freebsd-stable  Sun Mar 16 10:20:19 2003
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id F34CA37B401
	for <FreeBSD-STABLE@FreeBSD.org>; Sun, 16 Mar 2003 10:20:14 -0800 (PST)
Received: from mail.lambertfam.org (www.lambertfam.org [216.223.196.6])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DE40D43FA3
	for <FreeBSD-STABLE@FreeBSD.org>; Sun, 16 Mar 2003 10:20:13 -0800 (PST)
	(envelope-from lambert@lambertfam.org)
Received: from laptop.lambertfam.org (laptop.int.lambertfam.org [10.1.0.2])
	by mail.lambertfam.org (Postfix) with ESMTP id C2098351CA
	for <FreeBSD-STABLE@FreeBSD.org>; Sun, 16 Mar 2003 13:20:11 -0500 (EST)
Received: by laptop.lambertfam.org (Postfix, from userid 1000)
	id BE0A982A4; Sun, 16 Mar 2003 13:20:02 -0500 (EST)
Date: Sun, 16 Mar 2003 13:20:02 -0500
From: Scott Lambert <lambert@lambertfam.org>
To: FreeBSD-STABLE@FreeBSD.org
Subject: sshd problem on -STABLE
Message-ID: <20030316182002.GA55347@laptop.lambertfam.org>
Mail-Followup-To: FreeBSD-STABLE@FreeBSD.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

I'm running an old fashioned ISP that still believes in providing a
shell server.  On the shell server only, I have been having problems
with sshd since the last upgrade to FreeBSD-STABLE on February 25, 2003,
we have been having problems with ssh not accepting connections.  We can
console in and HUP sshd to get things working.

Before this upgrade we were running the RELENG_4_7 branch. 

nagios check_ssh says:
SSH ok - OpenSSH_3.5p1 FreeBSD-20030201 (protocol 1.99)

I just had to change usernames other than my own and block IPs.  Users
numberred 100 and up are not logged in but have sshd processes.

w says:
12:24PM  up 16 days,  8:06, 23 users, load averages: 1.00, 1.00, 1.00
USER             TTY      FROM              LOGIN@  IDLE WHAT
user1            p0       XXXXXXXXXXXXXXXX  1:24AM    58 mutt
user2            p1       XXXXXXXXXXXXXXXX Wed06AM  4:27 -bash (bash)
user3            p2       XXXXXXXXXXXXXXXX Sat01AM  9:04 pine -i
user2            p3       XXXXXXXXXXXXXXXX Fri05PM 1day  -bash (bash)
user4            p4       XXXXXXXXXXXXXXXX Tue04PM 1day  -bash (bash)
user5            p5       XXXXXXXXXXXXXXXX Tue04PM 1day  -bash (bash)
user6            p6       XXXXXXXXXXXXXXXX Mon06PM 12:05 pine
user7            p7       XXXXXXXXXXXXXXXX Wed11PM  3:31 tf (tf-40g2)
user8            p8       XXXXXXXXXXXXXXXX  7:08AM     1 pine
user9            p9       XXXXXXXXXXXXXXXX 10:24AM  1:32 pine
user10           pa       XXXXXXXXXXXXXXXX 11:50AM     4 pine
user11           pb       XXXXXXXXXXXXXXXX 08Mar03 8days ping -i 5 XXXXXXXXXXXX
user12           pc       XXXXXXXXXXXXXXXX Mon06PM  4:27 -tcsh (tcsh)
user11           pd       XXXXXXXXXXXXXXXX 08Mar03 7days pine
user13           pe       XXXXXXXXXXXXXXXX 12:09PM    13 -ksh (ksh)
user4            pf       XXXXXXXXXXXXXXXX Fri09PM 1day  pine -i
scott            pg       XXXXXXXXXXXXXXXX 12:23PM     - w
user14           ph       XXXXXXXXXXXXXXXX Fri11PM 1day  pine
user5            pi       XXXXXXXXXXXXXXXX Tue04PM 1day  ping XXXXXXXXXXXXX
user15           pj       XXXXXXXXXXXXXXXX 28Feb03 1day  -bash (bash)
user16           pk       XXXXXXXXXXXXXXXX Sat12PM 10:42 -bash (bash)
user12           pn       XXXXXXXXXXXXXXXX Thu01PM 1day  -tcsh (tcsh)
user11           po       XXXXXXXXXXXXXXXX Thu02PM 1day  -bash (bash)

ps -ax | grep sshd says:
  687  ??  I      0:00.11 sshd: user6 [priv] (sshd)
  689  ??  I      0:06.53 sshd: user6@ttyp6 (sshd)
 2969  ??  I      0:00.00 sshd: user100 [priv] (sshd)
 5784  ??  I      0:00.00 sshd: user100 [priv] (sshd)
 5820  ??  I      0:00.00 sshd: user100 [priv] (sshd)
 7486  ??  I      0:00.00 sshd: user100 [priv] (sshd)
 9449  ??  I      0:00.00 sshd: user101 [priv] (sshd)
 9460  ??  I      0:00.00 sshd: user100 [priv] (sshd)
 9968  ??  I      0:00.00 sshd: user100 [priv] (sshd)
10026  ??  Is     0:06.52 /usr/sbin/sshd
10097  ??  I      0:00.08 sshd: user15 [priv] (sshd)
10100  ??  I      0:02.09 sshd: user15@ttypj (sshd)
10393  ??  I      0:00.00 sshd: user100 [priv] (sshd)
10475  ??  I      0:00.00 sshd: user101 [priv] (sshd)
11243  ??  I      0:00.08 sshd: user102 [priv] (sshd)
11246  ??  I      0:00.22 sshd: user102@ttyp0 (sshd)
14008  ??  I      0:00.00 sshd: user100 [priv] (sshd)
14428  ??  I      0:00.00 sshd: user101 [priv] (sshd)
17607  ??  I      0:00.05 sshd: user9 [priv] (sshd)
17610  ??  I      0:00.21 sshd: user9@ttyp9 (sshd)
18476  ??  I      0:00.00 sshd: user100 [priv] (sshd)
19135  ??  I      0:00.09 sshd: user10 [priv] (sshd)
19138  ??  I      0:00.14 sshd: user10@ttypa (sshd)
19176  ??  I      0:00.00 sshd: user100 [priv] (sshd)
19532  ??  I      0:00.09 sshd: user12 [priv] (sshd)
19538  ??  I      0:01.68 sshd: user12@ttypn (sshd)
19609  ??  I      0:00.05 sshd: user13 [priv] (sshd)
19613  ??  I      0:00.03 sshd: user13@ttype (sshd)
19848  ??  I      0:00.11 sshd: scott [priv] (sshd)
19851  ??  S      0:00.10 sshd: scott@ttypg (sshd)
20915  ??  I      0:00.00 sshd: user100 [priv] (sshd)
21565  ??  I      0:00.00 sshd: user100 [priv] (sshd)
21838  ??  I      0:00.10 sshd: user11 [priv] (sshd)
21842  ??  I      0:00.00 sshd: user11 [priv] (sshd)
21848  ??  I      0:00.23 sshd: user11@ttypo (sshd)
21857  ??  I      0:00.08 sshd: user11 [priv] (sshd)
21865  ??  S      0:45.16 sshd: user11@ttypb (sshd)
22059  ??  I      0:00.00 sshd: user100 [priv] (sshd)
22940  ??  I      0:00.00 sshd: user100 [priv] (sshd)
25473  ??  I      0:00.00 sshd: user100 [priv] (sshd)
26551  ??  I      0:00.00 sshd: user100 [priv] (sshd)
29381  ??  I      0:00.08 sshd: user11 [priv] (sshd)
29390  ??  I      0:00.06 sshd: user11@ttypd (sshd)
29965  ??  I      0:00.00 sshd: user100 [priv] (sshd)
30629  ??  I      0:00.00 sshd: user101 [priv] (sshd)
31530  ??  I      0:00.00 sshd: user101 [priv] (sshd)
32680  ??  I      0:00.00 sshd: user100 [priv] (sshd)
33666  ??  I      0:00.00 sshd: user100 [priv] (sshd)
35367  ??  I      0:00.00 sshd: user100 [priv] (sshd)
39780  ??  I      0:00.00 sshd: user100 [priv] (sshd)
40613  ??  I      0:00.00 sshd: user11 [priv] (sshd)
40914  ??  I      0:00.07 sshd: user4 [priv] (sshd)
40919  ??  I      0:04.69 sshd: user4@ttyp4 (sshd)
40937  ??  I      0:00.08 sshd: user5 [priv] (sshd)
40940  ??  I      0:11.04 sshd: user5@ttyp5 (sshd)
41010  ??  I      0:00.08 sshd: user5 [priv] (sshd)
41021  ??  S      1:16.62 sshd: user5@ttypi (sshd)
41564  ??  I      0:00.00 sshd: user100 [priv] (sshd)
43317  ??  I      0:00.00 sshd: user100 [priv] (sshd)
46811  ??  I      0:00.00 sshd: user100 [priv] (sshd)
50682  ??  I      0:00.00 sshd: user103 [priv] (sshd)
51177  ??  I      0:00.00 sshd: user100 [priv] (sshd)
52650  ??  I      0:00.00 sshd: user100 [priv] (sshd)
52660  ??  I      0:00.00 sshd: user100 [priv] (sshd)
52925  ??  I      0:00.00 sshd: user100 [priv] (sshd)
53060  ??  I      0:00.00 sshd: user101 [priv] (sshd)
57462  ??  I      0:00.00 sshd: user100 [priv] (sshd)
58399  ??  I      0:00.00 sshd: user100 [priv] (sshd)
63171  ??  I      0:00.00 sshd: user100 [priv] (sshd)
65297  ??  I      0:00.00 sshd: user100 [priv] (sshd)
66652  ??  I      0:00.00 sshd: user100 [priv] (sshd)
68628  ??  I      0:00.00 sshd: user100 [priv] (sshd)
70694  ??  I      0:00.00 sshd: user100 [priv] (sshd)
71375  ??  I      0:00.00 sshd: user100 [priv] (sshd)
71381  ??  I      0:00.00 sshd: user100 [priv] (sshd)
73117  ??  I      0:00.00 sshd: user100 [priv] (sshd)
73915  ??  I      0:00.09 sshd: user2 [priv] (sshd)
73949  ??  I      0:00.02 sshd: user2@ttyp3 (sshd)
74314  ??  I      0:00.00 sshd: user100 [priv] (sshd)
76726  ??  I      0:00.00 sshd: user100 [priv] (sshd)
78899  ??  I      0:00.00 sshd: user100 [priv] (sshd)
79367  ??  I      0:00.09 sshd: user4 [priv] (sshd)
79373  ??  I      0:00.61 sshd: user4@ttypf (sshd)
80293  ??  I      0:00.00 sshd: user100 [priv] (sshd)
81451  ??  I      0:00.00 sshd: user100 [priv] (sshd)
82500  ??  I      0:00.08 sshd: user14 [priv] (sshd)
82504  ??  I      0:00.08 sshd: user14@ttyph (sshd)
83261  ??  I      0:00.00 sshd: user11 [priv] (sshd)
83339  ??  I      0:00.00 sshd: user100 [priv] (sshd)
84262  ??  I      0:00.09 sshd: user4 [priv] (sshd)
84264  ??  I      0:03.92 sshd: user4@ttyp2 (sshd)
84365  ??  I      0:00.00 sshd: user100 [priv] (sshd)
84733  ??  I      0:00.00 sshd: user100 [priv] (sshd)
85796  ??  I      0:00.00 sshd: user100 [priv] (sshd)
86771  ??  I      0:00.00 sshd: user100 [priv] (sshd)
87634  ??  I      0:00.00 sshd: user100 [priv] (sshd)
88672  ??  I      0:00.00 sshd: user100 [priv] (sshd)
90718  ??  I      0:00.00 sshd: user100 [priv] (sshd)
92881  ??  I      0:00.00 sshd: user100 [priv] (sshd)
93246  ??  I      0:00.00 sshd: user100 [priv] (sshd)
94376  ??  I      0:00.00 sshd: user100 [priv] (sshd)
94411  ??  I      0:00.00 sshd: user100 [priv] (sshd)
95188  ??  I      0:00.00 sshd: user101 [priv] (sshd)
95257  ??  I      0:00.00 sshd: user101 [priv] (sshd)
95611  ??  I      0:00.00 sshd: user100 [priv] (sshd)
96008  ??  I      0:00.00 sshd: user100 [priv] (sshd)
96332  ??  I      0:00.09 sshd: user16 [priv] (sshd)
96342  ??  I      0:00.11 sshd: user16@ttypk (sshd)
98918  ??  I      0:00.00 sshd: user100 [priv] (sshd)
99488  ??  I      0:00.00 sshd: user100 [priv] (sshd)

-- 
Scott Lambert                    KC5MLE                       Unix SysAdmin
lambert@lambertfam.org      

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message