Date: Wed, 13 Apr 2005 07:25:48 -0700
From: John Davis <linux0642@sbcglobal.net>
To: freebsd-questions@freebsd.org
Subject: Re: ssh dies
Message-ID: <425D2BEC.40403@sbcglobal.net>
In-Reply-To: <20050413184752.0a59b661.y2kbug@ms25.hinet.net>
References: <20050413184752.0a59b661.y2kbug@ms25.hinet.net>

Robert Storey wrote:
> Dear All,
>
> An interesting and disturbing problem recently appeared on our server
> which is running FBSD 5.3. Rather suddenly, all users found themselves
> locked out because ssh stopped working. We had to send an email to tech
> support at our hosting service (Netsonic). They said this seems to be
> happening frequently on many FreeBSD servers (something to do with
> reaching the limit of ssh connections). They didn't tell us how to solve
> the problem, but they suggested rebooting, which should return the
> server under our control. We asked them to reboot and they did, problem
> solved for now.
>
> I'm wondering if anyone knows what is causing this, and if there is a
> permanent solution? The server was running fine for four months without
> issues - this just suddenly came out of the blue.
>
> TIA,
> Robert

We had exactly the same problem with 5.3 on a dual Opteron machine. One
minute it worked and the next minute it stopped and had to be rebooted.
The host insisted that this was clear evidence that the machine had been
compromised but this was nonsense. I have spoken to other people using
5.2 and 5.3 who report identical behavior.

I don't know if it's a physical connection limit that's causing the
problem though, because only two people log into my BSD server. I think
a safer bet is this worm that tries to compromise servers by ssh.
Perhaps the ssh server isn't cleaning up the failed connections well
enough, or maybe it's detecting an attack and simply shutting down. This
worm can generate a thousand or more connection attempts in a single
session, so I can see how a tiny memory leak could grow into a big
problem in a hurry.

-- 
John Davis