https://bugzilla.mindrot.org/show_bug.cgi?id=2646
--- Comment #5 from Darren Tucker <dtuc...@zip.com.au> --- (In reply to Akshay from comment #4) > Okay, I was able to reproduce the issue using `OpenSSH_7.2p2, > OpenSSL 1.0.2g 1 Mar 2016` Thanks. > nsadmin 22 0.0 0.0 0 0 ? Z 22:48 0:00 > [sshd] <defunct> If I'm reading this correctly that's the post-auth unprivileged process (pid 22 in this example) not the [priv] process (pid 20 in this example). I think I can see how this would happen. After accepting the connection and forking off a copy, sshd re-execs itself with the "-R" flag in order to (hopefully) get a new address space layout. -R sets: case 'R': rexeced_flag = 1; inetd_flag = 1; then a bit later when the signal handlers are set up: /* Get a connection, either from inetd or a listening TCP socket */ if (inetd_flag) { server_accept_inetd(&sock_in, &sock_out); } else { [...] signal(SIGCHLD, main_sigchld_handler); You can test this theory by running your sshd with the (undocumented) "-r" option to disable the re-exec. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs