On Thu, Mar 09, 2006 at 12:37:06PM -0500, Justin Pryzby wrote:
> On Thu, Mar 09, 2006 at 05:13:34PM +0000, Andy Smith wrote:
> > Hi,
> >
> > I get this error message and sshd dying intermittently since I
> > upgraded one of my sarge xen domains to etch. It always happens in
> > the middle of a prolonged dictionary attack on my sshd. My other
> > sarge domains on the same hardware get the dictionary attacks and
> > weather them fine though.
> >
> > I don't understand how it can be running out of random bytes when
> > /dev/urandom is there and appears to be working.
> >
> > Last time this happened I ran sshd from the console like so:
> >
> > /usr/sbin/sshd -eD -o 'LogLevel VERBOSE'
> This doesn't actually help much; the same error code was reported
> before.

Fair point, just wanted to show it really is the same thing as
previously reported.

> Would you consider trying to strace the processes? This was
> recommended for the other similar bug (assigned to "openssl"; there
> are #115767, #155467).

I would, but I'm concerned that this will use large amounts of disk
space. This problem only manifests itself perhaps once every month or
two and depends on me getting a big SSH dictionary attack, it seems.

> Something like strace -f -o /var/log/ssh-strace/ssh-strace.log, where
> you should be able to set the directory permissions to be sufficiently
> tight.

What if I ran strace without the -f and ran sshd with -eD again so it
doesn't detach or fork? Then I'd only have strace logs from the parent
sshd, right? Which wouldn't be too much of a logging burden yet would
still show the problem, I'm guessing.

> This might also be a kernel bug, if read() returns short when it
> shouldn't. How reproducible is this for you? What if you
>
> while :; do ssh otherhost true; done;
>
> (with rsa or other noninteractive authentication mechanism enabled)

I've had this running for a few minutes now and can't reproduce.
Indeed, the ssh dictionary attacks were connecting constantly for hours
at a time and still not triggering it, so I think it will be hard to
reproduce. I'll leave it running and update if there's anything to
report.

Thanks for looking into this,
Andy

-- 
http://strugglers.net/wiki/Xen_hosting -- A Xen VPS hosting hobby
Encrypted mail welcome - keyid 0x604DE5DB
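An added example, not part of this bug thread or of OpenSSH/OpenSSL, illustrating the short-read possibility Justin raises: a read() wrapper that keeps reading from /dev/urandom until the requested number of bytes has arrived, retrying on EINTR, and a constructed fake reader that hands out at most 3 bytes per call (failing once with EINTR) so the retry logic can be exercised deterministically. The names read_full, read_urandom and fake_read are this example's own.

```c
/* Added example (not from the bug thread): tolerate short reads and EINTR
 * when filling a buffer from /dev/urandom. A caller that treats one short
 * read() as "out of random bytes" would fail exactly where this loop
 * succeeds. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

typedef ssize_t (*reader_fn)(int fd, void *buf, size_t n);

/* Read exactly n bytes using rd(), retrying on short reads and EINTR.
 * Returns 0 on success, -1 on error or on EOF before n bytes arrived. */
int read_full(int fd, void *buf, size_t n, reader_fn rd)
{
    unsigned char *p = buf;
    size_t got = 0;
    while (got < n) {
        ssize_t r = rd(fd, p + got, n - got);
        if (r < 0) {
            if (errno == EINTR)
                continue;       /* interrupted by a signal: retry */
            return -1;          /* genuine error */
        }
        if (r == 0)
            return -1;          /* unexpected EOF */
        got += (size_t)r;       /* short read: loop for the remainder */
    }
    return 0;
}

/* Fill buf with n bytes from /dev/urandom, tolerating short reads.
 * Returns 0 on success, -1 on failure. */
int read_urandom(void *buf, size_t n)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    int rc = read_full(fd, buf, n, read);
    close(fd);
    return rc;
}

/* Constructed fake reader: fails with EINTR on its first call, then hands
 * out at most 3 bytes per call, mimicking a source that returns short. */
static int fake_calls;
static ssize_t fake_read(int fd, void *buf, size_t n)
{
    (void)fd;
    fake_calls++;
    if (fake_calls == 1) {
        errno = EINTR;
        return -1;
    }
    size_t chunk = n < 3 ? n : 3;
    memset(buf, 0xAB, chunk);
    return (ssize_t)chunk;
}

/* Drive read_full() with the fake reader. Returns how many rd() calls it
 * took to collect 16 bytes (1 EINTR + 6 short reads = 7), or -1 on failure
 * or if any byte was left unfilled. */
int count_fake_calls_for_16_bytes(void)
{
    unsigned char buf[16];
    memset(buf, 0, sizeof buf);
    fake_calls = 0;
    if (read_full(-1, buf, sizeof buf, fake_read) != 0)
        return -1;
    for (size_t i = 0; i < sizeof buf; i++)
        if (buf[i] != 0xAB)
            return -1;
    return fake_calls;
}

/* Returns 1 if 32 bytes could be read from /dev/urandom and they are not
 * all zero (which would indicate a broken source), 0 otherwise. */
int urandom_readable(void)
{
    unsigned char buf[32];
    memset(buf, 0, sizeof buf);
    if (read_urandom(buf, sizeof buf) != 0)
        return 0;
    for (size_t i = 0; i < sizeof buf; i++)
        if (buf[i] != 0)
            return 1;
    return 0;
}

int main(void)
{
    unsigned char buf[16];
    if (read_urandom(buf, sizeof buf) != 0) {
        perror("read_urandom");
        return 1;
    }
    for (size_t i = 0; i < sizeof buf; i++)
        printf("%02x", buf[i]);
    printf("\nfake reader calls for 16 bytes: %d\n",
           count_fake_calls_for_16_bytes());
    return 0;
}
```

When stracing sshd as suggested in the thread, the pattern to look for in the log is a read() on the /dev/urandom descriptor that returns fewer bytes than requested (or -1 EINTR) immediately before the error; whether the daemon retries, as read_full does, or gives up, is what distinguishes a kernel short read from a bug in the caller.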