[Bug 948] high CPU in sshd after tcp_wrappers deny
http://bugzilla.mindrot.org/show_bug.cgi?id=948

Summary: high CPU in sshd after tcp_wrappers deny
Product: Portable OpenSSH
Version: 3.9p1
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: atlunde@panix.com
CC: atlunde@panix.com


We are using OpenSSH sshd built with the tcp_wrappers library, and rules set to
deny access not coming from our local domain.

Recently we have seen cases where an sshd process was left running and consuming
a large amount of CPU. Looking at the logs and the time the process was started,
it appears that the trigger was a denied ssh connection blocked by tcp_wrappers.

(I suspect this was the password guessing attack that's been going around
recently, because we've gotten few blocked ssh connections in the past, but I
can't say for sure.)

This was on Solaris 8, openssh-3.9p1, OpenSSL 0.9.7d, tcp_wrappers 7.6.

uname -a
SunOS XXXXXX 5.8 Generic_108528-18 sun4u sparc SUNW,Sun-Fire-280R



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

------- Additional Comments From atlunde@panix.com 2004-11-01 07:05 -------
Created an attachment (id=737)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=737&action=view)
This is the shell script used to configure this build of openssh





------- Additional Comments From dtucker@zip.com.au 2004-11-02 22:01 -------
The code that drops the connection is pretty simple and there's no obvious way
for it to get into a loop:

    if (!hosts_access(&req)) {
        debug("Connection refused by tcp wrapper");
        refuse(&req);
        /* NOTREACHED */
        fatal("libwrap refuse returns");
    }

When it happens, can you run /usr/ucb/ps auxwww and pick out the pid of the
errant process? It should have a few hints about what stage the process is at
in the process title.

Also, can you reproduce it with sshd in debug mode (eg /path/to/sshd -ddde)? If
so, please attach (note: use "Create New Attachment") the debug log to this bug.
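
An added sketch (not part of this thread or of OpenSSH) of the triage step requested above: it filters BSD-style `ps auxwww` output for sshd processes at or above a CPU threshold and prints each one's pid, %CPU and process title. The function names, the default threshold and the sample lines are constructed for illustration.

```shell
# Added triage helper; assumes BSD-style columns: USER PID %CPU %MEM ... COMMAND.
# Reads `ps auxwww` output on stdin and prints "pid cpu title" for every sshd
# process whose %CPU is at or above the threshold (first argument, default 50).
busy_sshd() {
    awk -v min="${1:-50}" '
        NR == 1 && $2 == "PID" { next }      # skip the header row
        {
            # START can be one token (03:12:44) or two (Oct 29), so the
            # command is located by content rather than by a fixed column.
            cmd = 0
            for (i = 5; i <= NF; i++)
                if ($i ~ /(^|\/)sshd:?$/) { cmd = i; break }
            if (!cmd || $3 + 0 < min + 0) next
            # Everything from the sshd token onward is the process title.
            title = $cmd
            for (i = cmd + 1; i <= NF; i++) title = title " " $i
            printf "%s %s %s\n", $2, $3, title
        }'
}

# Constructed sample output; users, pids and titles are made up.
sample_ps() {
    cat <<'EOF'
USER       PID %CPU %MEM   SZ  RSS TT       S    START   TIME COMMAND
root       412  0.0  0.1 4520 1872 ?        S   Oct 29   0:03 /usr/local/sbin/sshd
root     20117 96.4  0.2 4712 2104 ?        R 03:12:44 412:09 sshd: [placeholder-title]
alice    20480  0.1  0.2 4800 2200 ?        S 09:01:10   0:00 sshd: alice@pts/3
EOF
}

# Stand-alone demonstration on the constructed sample.
sample_ps | busy_sshd 50
```

On a live host the input would be `/usr/ucb/ps auxwww | busy_sshd 50`; the printed title is the part that hints at the stage the process has reached.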


