Bug#860410: openssh-server: sshd needs more RAM than before and limits.conf applies to it
Package: openssh-server
Version: 1:7.4p1-10
Severity: normal
rjc soft as 20000
On a standard Jessie AMD64 configuration I could have an entry in
/etc/security/limits.conf like the above and still be able to login. The sshd
process for the user login is reported by ps as having a VSZ of 80520, but
/etc/security/limits.conf doesn't apply to it.
test soft as 95400
On a fairly standard Unstable configuration I need the above as the minimum
limit to allow a login.
Apr 16 22:47:45 server sshd[24492]: fatal: monitor_apply_keystate: packet_set_state: memory allocation failed
If I have a lower number (even 95300) I get a log message like the above and
the ssh connection is aborted.
I think that sshd should not apply /etc/security/limits.conf to it's own
processes and only apply it to user processes (as Jessie did). Also sshd
needs more RAM than it used to (about 95M for Stretch, 93M for Unstable,
81M for Jessie, and 71M for Wheezy) which exacerbates this. I expect that
libc etc are to blame for some of the memory use. But it would be nice if
it didn't continue the trend of an extra 10M per release when significant
features like SSHv1 support are being removed.
-- System Information:
Debian Release: 9.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
Versions of packages openssh-server depends on:
ii adduser 3.115
ii debconf [debconf-2.0] 1.5.60
ii dpkg 1.18.23
ii init-system-helpers 1.47
ii libaudit1 1:2.6.7-2
ii libc6 2.24-10
ii libcomerr2 1.43.4-2
ii libgssapi-krb5-2 1.15-1
ii libkrb5-3 1.15-1
ii libpam-modules 1.1.8-3.5
ii libpam-runtime 1.1.8-3.5
ii libpam0g 1.1.8-3.5
ii libselinux1 2.6-3+b1
ii libssl1.0.2 1.0.2k-1
ii libsystemd0 232-22
ii libwrap0 7.6.q-26
ii lsb-base 9.20161125
ii openssh-client 1:7.4p1-10
ii openssh-sftp-server 1:7.4p1-10
ii procps 2:3.3.12-3
ii ucf 3.0036
ii zlib1g 1:1.2.8.dfsg-5
Versions of packages openssh-server recommends:
ii libpam-systemd 232-22
ii ncurses-term 6.0+20161126-1
ii xauth 1:1.0.9-1+b2
Versions of packages openssh-server suggests:
pn molly-guard <none>
pn monkeysphere <none>
pn rssh <none>
pn ssh-askpass <none>
pn ufw <none>
-- debconf information:
* ssh/use_old_init_script: true
ssh/disable_cr_auth: false
ssh/encrypted_host_key_but_no_keygen:
ssh/vulnerable_host_keys:
openssh-server/permit-root-login: true
ssh/new_config: true
Reply to: