Re: sshd taking 100% of cpu
Bill Unruh <unruh@physics.ubc.ca> writes:
[color=blue]
>I have an openvpn connection between a laptop and my server (point to point
>tun connection). On the laptop once every half hour I run from a cron
>ssh servername date>>/tmp/laptop
>lately I am suddenly getting that that command never releases the ssh
>connection and on the server I am getting 100% cpy useage by the sshd that
>is opened by that process. On the laptop the commend never returns. (ps
>shows it is still running)
>I tried putting the above into a command
>laptop
>#!/bin/bash
>date >> /tmp/laptop[/color]
[color=blue]
>and running
>ssh servername laptop
>instead worrying that maybe the redirection was confusing something, but
>that made no difference.[/color]
[color=blue]
>Note on server the command has completed. There is no trace of that
>date
>command in the ps on the server. It is just that sshd is not letting go and
>going into some sort of insane internal loop.[/color]
[color=blue]
>Under lsof on the server it says that there is an ipV6 with the laptop[/color]
[color=blue]
>What in the world could be going on here?[/color]
t laptop is not the problem or not the only problem. I stopped it from
using ssh to run a remote command, but the machine is still getting those
rogue sshd
Here is an example
The three key questions.
What does the [accepted] in ps mean?
in the output of lsof
that [heap] (stat: No such file or directory)
looks suspicious, and finally
sshd 27169 root 3u sock 0,4 582068 can't identify protocol
also looks suspicious.
From ps
root 27169 99.8 0.1 4652 1764 ? Rs 20:29 40:03 sshd: [accepted]`
From lsof
sshd 27169 root cwd DIR 8,17 4096 2 /
sshd 27169 root rtd DIR 8,17 4096 2 /
sshd 27169 root txt REG 8,17 351544 883719 /usr/sbin/sshd
sshd 27169 root mem REG 0,0 0 [heap] (stat: No such file or directory)
sshd 27169 root mem REG 8,17 34336 33044 /lib/libnss_files-2.4.so
sshd 27169 root mem REG 8,17 1220244 32768 /lib/i686/libc-2.4.so
sshd 27169 root mem REG 8,17 6408 32723 /lib/libcom_err.so.2.1
sshd 27169 root mem REG 8,17 11480 1390784 /usr/lib/libkrb5support.so.0.0
sshd 27169 root mem REG 8,17 163596 1390683 /usr/lib/libk5crypto.so.3.0
sshd 27169 root mem REG 8,17 545280 1390782 /usr/lib/libkrb5.so.3.2
sshd 27169 root mem REG 8,17 109744 1390679 /usr/lib/libgssapi_krb5.so.2.2
sshd 27169 root mem REG 8,17 21924 32784 /lib/libcrypt-2.4.so
sshd 27169 root mem REG 8,17 67368 33020 /lib/libnsl-2.4.so
sshd 27169 root mem REG 8,17 73156 33075 /lib/libz.so.1.2.3
sshd 27169 root mem REG 8,17 9716 33069 /lib/libutil-2.4.so
sshd 27169 root mem REG 8,17 1353872 1194916 /usr/lib/libcrypto.so.0.9.8
sshd 27169 root mem REG 8,17 59228 33059 /lib/libresolv-2.4.so
sshd 27169 root mem REG 8,17 9700 32785 /lib/libdl-2.4.so
sshd 27169 root mem REG 8,17 40764 33053 /lib/libpam.so.0.81.5
sshd 27169 root mem REG 8,17 31288 1900349 /usr/lib/libwrap.so.0.7.6
sshd 27169 root mem REG 8,17 540658 32746 /lib/ld-2.4.so
sshd 27169 root 0u CHR 1,3 1123 /dev/null
sshd 27169 root 1u CHR 1,3 1123 /dev/null
sshd 27169 root 2u CHR 1,3 1123 /dev/null
sshd 27169 root 3u sock 0,4 582068 can't identify protocol
sshd 27169 root 4r REG 8,17 3250 1669323 /etc/hosts.allow
sshd 27169 root 5w FIFO 0,5 582069 pipe
