Package: openssh-server
Version: 1:7.4p1-10
Severity: normal

rjc soft as 20000

On a standard Jessie AMD64 configuration I could have an entry in /etc/security/limits.conf like the above and still be able to log in. The sshd process for the user login is reported by ps as having a VSZ of 80520, but /etc/security/limits.conf doesn't apply to it.

test soft as 95400

On a fairly standard Unstable configuration I need the above as the minimum limit to allow a login.

Apr 16 22:47:45 server sshd[24492]: fatal: monitor_apply_keystate: packet_set_state: memory allocation failed

If I have a lower number (even 95300) I get a log message like the above and the ssh connection is aborted.

I think that sshd should not apply /etc/security/limits.conf to its own processes and only apply it to user processes (as Jessie did).

Also sshd needs more RAM than it used to (about 95M for Stretch, 93M for Unstable, 81M for Jessie, and 71M for Wheezy) which exacerbates this. I expect that libc etc. are to blame for some of the memory use. But it would be nice if it didn't continue the trend of an extra 10M per release when significant features like SSHv1 support are being removed.

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages openssh-server depends on:
ii  adduser               3.115
ii  debconf [debconf-2.0] 1.5.60
ii  dpkg                  1.18.23
ii  init-system-helpers   1.47
ii  libaudit1             1:2.6.7-2
ii  libc6                 2.24-10
ii  libcomerr2            1.43.4-2
ii  libgssapi-krb5-2      1.15-1
ii  libkrb5-3             1.15-1
ii  libpam-modules        1.1.8-3.5
ii  libpam-runtime        1.1.8-3.5
ii  libpam0g              1.1.8-3.5
ii  libselinux1           2.6-3+b1
ii  libssl1.0.2           1.0.2k-1
ii  libsystemd0           232-22
ii  libwrap0              7.6.q-26
ii  lsb-base              9.20161125
ii  openssh-client        1:7.4p1-10
ii  openssh-sftp-server   1:7.4p1-10
ii  procps                2:3.3.12-3
ii  ucf                   3.0036
ii  zlib1g                1:1.2.8.dfsg-5

Versions of packages openssh-server recommends:
ii  libpam-systemd  232-22
ii  ncurses-term    6.0+20161126-1
ii  xauth           1:1.0.9-1+b2

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  rssh          <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf information:
* ssh/use_old_init_script: true
  ssh/disable_cr_auth: false
  ssh/encrypted_host_key_but_no_keygen:
  ssh/vulnerable_host_keys:
  openssh-server/permit-root-login: true
  ssh/new_config: true
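
An added example, not part of the original report and not OpenSSH or Debian code: a small audit that parses limits.conf text and lists `as` (address space, in KB) entries below the size sshd needed to complete a login. The sample file and the function names are constructed here; the 95400 floor is the figure the report gives for Unstable and should be replaced with a value measured on the host being checked.

```python
"""Flag limits.conf 'as' entries that are below the address space sshd needs."""

# Constructed sample; the first two entries are the ones quoted in the report.
SAMPLE_LIMITS_CONF = """\
# <domain> <type> <item> <value>
rjc     soft  as     20000
test    soft  as     95400
@staff  hard  as     90000   # constructed entry
backup  -     as     unlimited
*       soft  nofile 4096
"""

# Values that pam_limits treats as "no limit".
NO_LIMIT = {"unlimited", "infinity", "-1"}


def parse_as_limits(text):
    """Return (domain, type, kib) for every 'as' entry; kib is None for no limit."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) != 4:
            continue  # blank, comment-only or malformed line
        domain, ltype, item, value = fields
        if item != "as" or ltype not in ("soft", "hard", "-"):
            continue
        if value in NO_LIMIT:
            entries.append((domain, ltype, None))
        elif value.isdigit():
            entries.append((domain, ltype, int(value)))
    return entries


def lockout_risks(text, sshd_floor_kib):
    """Entries whose limit is below the floor sshd needed to finish a login."""
    return [(d, t, k) for d, t, k in parse_as_limits(text)
            if k is not None and k < sshd_floor_kib]


if __name__ == "__main__":
    # 95400 KB is the minimum the reporter observed on Unstable (assumption:
    # sshd applies the limit to its own process, as the report describes).
    for domain, ltype, kib in lockout_risks(SAMPLE_LIMITS_CONF, 95400):
        print(f"{domain}: {ltype} as={kib} KB is below the sshd floor")
```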

