Bug#860410: openssh-server: sshd needs more RAM than before and limits.conf applies to it

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#860410: openssh-server: sshd needs more RAM than before and limits.conf applies to it
From: Russell Coker <russell@coker.com.au>
Date: Sun, 16 Apr 2017 23:06:32 +1000
Message-id: <[🔎] 149234799261.24589.8901513660472551335.reportbug@athena>
Reply-to: Russell Coker <russell@coker.com.au>, 860410@bugs.debian.org

Package: openssh-server
Version: 1:7.4p1-10
Severity: normal

rjc             soft    as              20000

On a standard Jessie AMD64 configuration I could have an entry in
/etc/security/limits.conf like the above and still be able to login.  The sshd
process for the user login is reported by ps as having a VSZ of 80520, but
/etc/security/limits.conf doesn't apply to it.

test            soft    as      95400

On a fairly standard Unstable configuration I need the above as the minimum
limit to allow a login.

Apr 16 22:47:45 server sshd[24492]: fatal: monitor_apply_keystate: packet_set_state: memory allocation failed

If I have a lower number (even 95300) I get a log message like the above and
the ssh connection is aborted.

I think that sshd should not apply /etc/security/limits.conf to it's own
processes and only apply it to user processes (as Jessie did).  Also sshd
needs more RAM than it used to (about 95M for Stretch, 93M for Unstable,
81M for Jessie, and 71M for Wheezy) which exacerbates this.  I expect that
libc etc are to blame for some of the memory use.  But it would be nice if
it didn't continue the trend of an extra 10M per release when significant
features like SSHv1 support are being removed.

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages openssh-server depends on:
ii  adduser                3.115
ii  debconf [debconf-2.0]  1.5.60
ii  dpkg                   1.18.23
ii  init-system-helpers    1.47
ii  libaudit1              1:2.6.7-2
ii  libc6                  2.24-10
ii  libcomerr2             1.43.4-2
ii  libgssapi-krb5-2       1.15-1
ii  libkrb5-3              1.15-1
ii  libpam-modules         1.1.8-3.5
ii  libpam-runtime         1.1.8-3.5
ii  libpam0g               1.1.8-3.5
ii  libselinux1            2.6-3+b1
ii  libssl1.0.2            1.0.2k-1
ii  libsystemd0            232-22
ii  libwrap0               7.6.q-26
ii  lsb-base               9.20161125
ii  openssh-client         1:7.4p1-10
ii  openssh-sftp-server    1:7.4p1-10
ii  procps                 2:3.3.12-3
ii  ucf                    3.0036
ii  zlib1g                 1:1.2.8.dfsg-5

Versions of packages openssh-server recommends:
ii  libpam-systemd  232-22
ii  ncurses-term    6.0+20161126-1
ii  xauth           1:1.0.9-1+b2

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  rssh          <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf information:
* ssh/use_old_init_script: true
  ssh/disable_cr_auth: false
  ssh/encrypted_host_key_but_no_keygen:
  ssh/vulnerable_host_keys:
  openssh-server/permit-root-login: true
  ssh/new_config: true

Reply to:

Prev by Date: Strange message "ur orders please" when attempting to ssh
Next by Date: Bug#860410: more testing
Previous by thread: Strange message "ur orders please" when attempting to ssh
Next by thread: Bug#860410: more testing
Index(es):
- Date
- Thread