This is reproducible on demand with: > for n in $(seq 1 6164) ; do ssh [email protected] ; done
Since PasswordAuthentication is disabled, an invalid user means the ssh client gets disconnected without prompting for a password, repeatedly. In fewer than 6164 iterations it becomes impossible for anyone to log in. With this method, only one connection is opened at a time (so the MaxStartups limit is unrelated to this issue). I had also turned off the UseDNS option. My existing ssh session doesn't get killed. I'm still able to spawn one process at a time (as root) from the shell, but trying to pipe it through another (like grep) fails with "bash: fork: Resource temporarily unavailable". The ~6000 invisible sshd child processes do not exist as /proc/<pid>, or in the output of 'ps', and 'netstat -an' doesn't show any related sockets left open. By accident I noticed that killing off a totally unrelated process (nginx) cleans up the issue and I can start over again opening another ~6000 connections before it recurs. I'm a bit confused whether this is something going wrong in the kernel, in linprocfs and/or eglibc. I doubt sshd could be to blame, and that it is merely exposing some underlying problem. This is on the 9.0.1-amd64_9.0-4 kernel, up-to-date Wheezy. Regards, -- Steven Chamberlain [email protected] -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
