Re: Package: ssh 1:1.2.3-9.3 (stable)
On Thu, Aug 23, 2001 at 03:20:59PM +0900, Olaf Meeuwissen wrote:
> Simon Boulet <simon@divahost.net> writes:
>
> > Hi,
> >
> > I had some problems today with sshd. Here is what was reported in my log
> > files:
> >
> > Aug 23 00:23:24 host01 kernel: VM: killing process sshd
> > Aug 23 00:23:24 host01 kernel: swap_free: swap-space map bad (entry
> > 0000f000)
> > Aug 23 00:24:23 host01 kernel: VM: killing process sshd
> > Aug 23 00:24:23 host01 kernel: swap_free: swap-space map bad (entry
> > 0000f000)
> > Aug 23 00:27:51 host01 kernel: VM: killing process sshd
> > Aug 23 00:27:51 host01 kernel: swap_free: swap-space map bad (entry
> > 0000f000)
> > Aug 23 00:28:11 host01 kernel: VM: killing process sshd
> > Aug 23 00:28:11 host01 kernel: swap_free: swap-space map bad (entry
> > 0000f000)
>
> Looks more like a problem with swap space than with ssh to me. Just
> happened to hit sshd.
Yes. 2.2 kernels (especially earlier ones) kill off whatever process
they feel like when the system is out of virtual memory and needs
more. To prevent runaway processes from causing the kernel to kill
e.g. init, put
ulimit -S -v 131072 (adjust this: it's virtual mem size in kB)
in /etc/profile. It's a soft limit, so you don't need to be root to
raise it if you need to run something huge.. A limit equal to or less
than your total physical RAM is usually good, since one process using
more than that would thrash like crazy anyway. (However, if you have
64MB or less of physical RAM, don't make the limit that low, or
netscape might get an out-of-memory error even when it wasn't in
runaway mode...)
Also, I think there is a sysctl (/proc/sys/...) in 2.2 called
overcommit_memory. Turn this off, and your system won't bite off more
than it can chew. With it on, the system doesn't necessarily leave
enough space for zeroed pages that are copy-on-write. It assumes that
copy-on-write pages won't have to be copied. Unfortunately, there is
no way to return an out-of-memory error to a process that is writing
to memory. Thus, the kernel kills off some process. (No, this is not
good. Yes, the kernel hackers know this. Yes, they have made it not
so bad in later 2.2 kernels, and 2.4 has a whole new VM, which mostly
does a better job, but is still in heavy development.)
>
> > I was just wondering if ssh 1.2.3 was not quite "old" enough to release the
> > ssh 1:2.5.2p2-3 (testing) package? Anyone can help or has any ideas of what
> > went wrong tonight? Should I upgrade to sshd 2.5.2?
I would upgrade to kernel-image-2.2.19, if you don't have that
already. That should help. Also, if you don't have enough swap set
aside (i.e. the problem was not just one runaway process), then
dd if=/dev/zero of=/path/to/swapfile bs=1024k count=megs
$EDITOR /etc/fstab
swapon -a
> > Hopefully I have telnet
> > still open and I was able to "/etc/init.d/ssh restart" and now it seems to
> > work as normal.
>
> Having telnet around kind of defeats the purpose of ssh, not? You su
> to root on your telnet connection and your root password flies over
> the wire for all the snoop. Eek!
Yeah, really. Time for a new root passwd, I'd say.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@llama.nslug. , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
Reply to: