We saw the following happen on a system today, and wanted to follow up:

System became unresponsive to ssh logins with the error:

ssh -v incentives01

OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: /etc/ssh/ssh_config line 4: Applying options for *

debug1: Connecting to incentives01 [172.31.9.16] port 22.

debug1: Connection established.

debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa type -1

debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa-cert type -1

debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa type -1

debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa-cert type -1

debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa type -1

debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa-cert type -1

debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519 type -1

debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519-cert type -1

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_6.6.1

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1

debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-ctr hmac-md5-...@openssh.com none

debug1: kex: client->server aes128-ctr hmac-md5-...@openssh.com none

debug1: kex: curve25519-sha...@libssh.org need=16 dh_need=16

debug1: kex: curve25519-sha...@libssh.org need=16 dh_need=16

debug1: sending SSH2_MSG_KEX_ECDH_INIT

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug1: Server host key: ECDSA
89:e0:f8:25:21:db:c9:46:67:14:38:0c:c1:f4:f7:51

debug1: Host 'incentives01' is known and matches the ECDSA host key.

debug1: Found key in /home/jeff.hallyburton/.ssh/known_hosts:7

debug1: ssh_ecdsa_verify: signature correct

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug1: SSH2_MSG_SERVICE_ACCEPT received

This is a private computer system which is restricted to authorized
individuals.


Actual or attempted unauthorized use of this computer system will result in

criminal and/or civil prosecution.


We reserve the right to view, monitor and record activity on the system
without

notice or permission. Any information obtained by monitoring, reviewing or

recording is subject to review by law enforcement organizations in
connection

with the investigation or prosecution of possible criminal activity on this
system.


If you are not an authorized user of this system or do not consent to
continued

monitoring, disconnect at this time.

debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic

debug1: Next authentication method: gssapi-keyex

debug1: No valid Key exchange context

debug1: Next authentication method: gssapi-with-mic

debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic

debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic

debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic

Received disconnect from 172.31.9.16: 2: Too many authentication failures
for jeff.hallyburton

Ultimately we rebooted the node to restore connectivity.  After we were
back in, we're seeing that sssd crashed due what looks like a memory
allocation error:

/var/log/sssd/sssd.log

# cat /var/log/sssd/sssd.log

(Thu Jan 28 20:15:56 2016) [sssd] [mt_svc_sigkill] (0x0010): [enervee.com][620]
is not responding to SIGTERM. Sending SIGKILL.

(Thu Jan 28 20:16:27 2016) [sssd] [talloc_log_fn] (0x0010): talloc: access
after free error - first free may be at src/monitor/monitor.c:2760


(Thu Jan 28 20:16:27 2016) [sssd] [talloc_log_fn] (0x0010): Bad talloc
magic value - access after free

/var/log/secure

Jan 28 20:05:48 incentives01 sshd[26145]: Timeout, client not responding.

Jan 28 20:05:48 incentives01 sshd[26142]: pam_unix(sshd:session): session
closed for user

Jan 28 20:16:28 incentives01 sshd[14504]: Timeout, client not responding.

Jan 28 20:16:28 incentives01 sshd[14501]: pam_systemd(sshd:session): Failed
to release session: Connection timed out

Jan 28 20:16:28 incentives01 sshd[14501]: pam_unix(sshd:session): session
closed for user

Jan 28 20:16:28 incentives01 sshd[14501]: pam_sss(sshd:session): Request to
sssd failed. Bad address

Jan 28 20:16:29 incentives01 sshd[14501]: fatal: login_init_entry: Cannot
find user

Jan 28 20:21:40 incentives01 sshd[26882]: Invalid user from 172.31.8.34

The system may have simply run out of ram, but wanted to check to see if
there were any known or contributing issues.

Thanks,

Jeff

Jeff Hallyburton
Strategic Systems Engineer
Bloomip Inc.
Web: http://www.bloomip.com

Engineering Support: supp...@bloomip.com
Billing Support: bill...@bloomip.com
Customer Support Portal:  https://my.bloomip.com <http://my.bloomip.com/>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to