sshd taking 100% of cpu - SSH

This is a discussion on sshd taking 100% of cpu - SSH ; I have an openvpn connection between a laptop and my server (point to point tun connection). On the laptop once every half hour I run from a cron ssh servername date>>/tmp/laptop lately I am suddenly getting that that command never ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: sshd taking 100% of cpu

  1. sshd taking 100% of cpu

    I have an openvpn connection between a laptop and my server (point to point
    tun connection). On the laptop once every half hour I run from a cron
    ssh servername date>>/tmp/laptop
    lately I am suddenly getting that that command never releases the ssh
    connection and on the server I am getting 100% cpy useage by the sshd that
    is opened by that process. On the laptop the commend never returns. (ps
    shows it is still running)
    I tried putting the above into a command
    laptop
    #!/bin/bash
    date >> /tmp/laptop

    and running
    ssh servername laptop
    instead worrying that maybe the redirection was confusing something, but
    that made no difference.

    Note on server the command has completed. There is no trace of that
    date
    command in the ps on the server. It is just that sshd is not letting go and
    going into some sort of insane internal loop.


    Under lsof on the server it says that there is an ipV6 with the laptop

    What in the world could be going on here?


  2. Re: sshd taking 100% of cpu

    Bill Unruh writes:

    >I have an openvpn connection between a laptop and my server (point to point
    >tun connection). On the laptop once every half hour I run from a cron
    >ssh servername date>>/tmp/laptop
    >lately I am suddenly getting that that command never releases the ssh
    >connection and on the server I am getting 100% cpy useage by the sshd that
    >is opened by that process. On the laptop the commend never returns. (ps
    >shows it is still running)
    >I tried putting the above into a command
    >laptop
    >#!/bin/bash
    >date >> /tmp/laptop


    >and running
    >ssh servername laptop
    >instead worrying that maybe the redirection was confusing something, but
    >that made no difference.


    >Note on server the command has completed. There is no trace of that
    >date
    >command in the ps on the server. It is just that sshd is not letting go and
    >going into some sort of insane internal loop.



    >Under lsof on the server it says that there is an ipV6 with the laptop


    >What in the world could be going on here?

    t laptop is not the problem or not the only problem. I stopped it from
    using ssh to run a remote command, but the machine is still getting those
    rogue sshd

    Here is an example

    The three key questions.
    What does the [accepted] in ps mean?

    in the output of lsof
    that [heap] (stat: No such file or directory)
    looks suspicious, and finally
    sshd 27169 root 3u sock 0,4 582068 can't identify protocol
    also looks suspicious.


    From ps

    root 27169 99.8 0.1 4652 1764 ? Rs 20:29 40:03 sshd: [accepted]`

    From lsof

    sshd 27169 root cwd DIR 8,17 4096 2 /
    sshd 27169 root rtd DIR 8,17 4096 2 /
    sshd 27169 root txt REG 8,17 351544 883719 /usr/sbin/sshd
    sshd 27169 root mem REG 0,0 0 [heap] (stat: No such file or directory)
    sshd 27169 root mem REG 8,17 34336 33044 /lib/libnss_files-2.4.so
    sshd 27169 root mem REG 8,17 1220244 32768 /lib/i686/libc-2.4.so
    sshd 27169 root mem REG 8,17 6408 32723 /lib/libcom_err.so.2.1
    sshd 27169 root mem REG 8,17 11480 1390784 /usr/lib/libkrb5support.so.0.0
    sshd 27169 root mem REG 8,17 163596 1390683 /usr/lib/libk5crypto.so.3.0
    sshd 27169 root mem REG 8,17 545280 1390782 /usr/lib/libkrb5.so.3.2
    sshd 27169 root mem REG 8,17 109744 1390679 /usr/lib/libgssapi_krb5.so.2.2
    sshd 27169 root mem REG 8,17 21924 32784 /lib/libcrypt-2.4.so
    sshd 27169 root mem REG 8,17 67368 33020 /lib/libnsl-2.4.so
    sshd 27169 root mem REG 8,17 73156 33075 /lib/libz.so.1.2.3
    sshd 27169 root mem REG 8,17 9716 33069 /lib/libutil-2.4.so
    sshd 27169 root mem REG 8,17 1353872 1194916 /usr/lib/libcrypto.so.0.9.8
    sshd 27169 root mem REG 8,17 59228 33059 /lib/libresolv-2.4.so
    sshd 27169 root mem REG 8,17 9700 32785 /lib/libdl-2.4.so
    sshd 27169 root mem REG 8,17 40764 33053 /lib/libpam.so.0.81.5
    sshd 27169 root mem REG 8,17 31288 1900349 /usr/lib/libwrap.so.0.7.6
    sshd 27169 root mem REG 8,17 540658 32746 /lib/ld-2.4.so
    sshd 27169 root 0u CHR 1,3 1123 /dev/null
    sshd 27169 root 1u CHR 1,3 1123 /dev/null
    sshd 27169 root 2u CHR 1,3 1123 /dev/null
    sshd 27169 root 3u sock 0,4 582068 can't identify protocol
    sshd 27169 root 4r REG 8,17 3250 1669323 /etc/hosts.allow
    sshd 27169 root 5w FIFO 0,5 582069 pipe


+ Reply to Thread