* runit-1.8.0 available
From: Gerrit Pape @ 2007-09-21 11:12 UTC
To: supervision

Hi, a new runit package, version 1.8.0, is available for testing

 http://smarden.org/runit/

The runit(8) program, the process no 1, has been fixed to reap dead processes that re-parented to process no 1 (zombies) more thoroughly. Instructions on how to use runit with upstart as init scheme have been added, svlogd(8) has been changed to use a new source port for each log message sent through udp, and this release includes a build fix for AIX.

If you use runit regularly, please contribute[0] to the project.

Regards, Gerrit.

[0] http://smarden.org/pape/#contribution

* Re: runit-1.8.0 available
From: Alex Efros @ 2007-09-21 12:30 UTC
To: supervision

Hi!

On Fri, Sep 21, 2007 at 11:12:48AM +0000, Gerrit Pape wrote:
> Instructions on how to use runit with upstart as init scheme have been

---cut---
Step 6: Replace /sbin/init

Now it is time to replace the sysvinit /sbin/init binary:

 # mv /sbin/init /sbin/init.sysv
 # ln -s runit-init /sbin/init
---cut---

IMO this is bad idea. I've used this few years, and then switch back to using kernel param init= instead. This is because your linux distribution from time to time may wish to update sysvinit package, and so it will overwrite /sbin/init. And next reboot will be "surprise!", unless you really-really careful and detect sysvinit upgrade and replace /sbin/init with runit-init again after upgrade but before reboot.

I've no idea how often sysvinit package upgraded in other linux distributions, but in Gentoo it upgrade, or at least recompile/reinstall every few months.

--
WBR, Alex.

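An added example, not part of the original message or of the runit documentation: a check to run after package updates and before rebooting, reporting whether the next boot will still start runit. The function names are illustrative, and `/sbin/runit-init` as the `init=` value is assumed from the relative symlink in Step 6.

```shell
#!/bin/sh
# Added example: detect a sysvinit update that replaced /sbin/init.

# init_from_cmdline CMDLINE: print the value of the last init= parameter in a
# kernel command line string (e.g. the contents of /proc/cmdline), or nothing.
init_from_cmdline() {
    for word in $1; do
        case "$word" in
            init=*) printf '%s\n' "${word#init=}" ;;
        esac
    done | tail -n 1
}

# classify_init PATH: inspect PATH (normally /sbin/init) and print
#   runit   - a symlink to runit-init, as created in Step 6
#   other   - a regular file or a symlink to something else
#   missing - nothing at that path
classify_init() {
    if [ -L "$1" ]; then
        case "$(readlink "$1")" in
            runit-init|*/runit-init) echo runit ;;
            *) echo other ;;
        esac
    elif [ -e "$1" ]; then
        echo other
    else
        echo missing
    fi
}

# next_boot_is_runit CMDLINE PATH: succeed if the kernel will start runit-init,
# either through init= on the command line or through the symlink at PATH.
next_boot_is_runit() {
    init=$(init_from_cmdline "$1")
    if [ -n "$init" ]; then
        case "$init" in
            */runit-init) return 0 ;;
            *) return 1 ;;
        esac
    fi
    [ "$(classify_init "$2")" = runit ]
}

# Demonstration on a constructed directory instead of the real /sbin.
demo=$(mktemp -d)
ln -s runit-init "$demo/init"
echo "after Step 6:         $(classify_init "$demo/init")"
rm "$demo/init"
: > "$demo/init"            # stands in for a package update writing a binary
echo "after package update: $(classify_init "$demo/init")"
rm -rf "$demo"

# On a live system:
#   next_boot_is_runit "$(cat /proc/cmdline)" /sbin/init || echo "init changed"
```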
* Re: runit-1.8.0 available
From: Alex Efros @ 2007-09-22 14:37 UTC
To: supervision

Hi!

On Fri, Sep 21, 2007 at 11:12:48AM +0000, Gerrit Pape wrote:
> Hi, a new runit package, version 1.8.0, is available for testing
>
> http://smarden.org/runit/
>
> The runit(8) program, the process no 1, has been fixed to reap dead
> processes that re-parented to process no 1 (zombies) more thoroughly.

:-(

home ~ # uptime; ps ax | grep Z | wc
 17:35:01 up 11:37, 21 users, load average: 0.00, 0.02, 0.00
 2024 12151 91273
home ~ # chmod -x /etc/runit/stopit
home ~ # kill -CONT 1
home ~ # uptime; ps ax | grep Z | wc
 17:35:16 up 11:37, 21 users, load average: 0.00, 0.01, 0.00
 2 19 134

--
WBR, Alex.

* Re: runit-1.8.0 available
From: Gerrit Pape @ 2007-09-24 10:19 UTC
To: supervision

On Sat, Sep 22, 2007 at 05:37:24PM +0300, Alex Efros wrote:
> home ~ # uptime; ps ax | grep Z | wc
> 17:35:01 up 11:37, 21 users, load average: 0.00, 0.02, 0.00
> 2024 12151 91273
> home ~ # chmod -x /etc/runit/stopit
> home ~ # kill -CONT 1
> home ~ # uptime; ps ax | grep Z | wc
> 17:35:16 up 11:37, 21 users, load average: 0.00, 0.01, 0.00
> 2 19 134

Hmm, what does

 # strings /proc/1/exe |grep Id

say?

Regards, Gerrit.

* Re: runit-1.8.0 available
From: Alex Efros @ 2007-09-24 13:35 UTC
To: supervision

Hi!

On Mon, Sep 24, 2007 at 10:19:04AM +0000, Gerrit Pape wrote:
> On Sat, Sep 22, 2007 at 05:37:24PM +0300, Alex Efros wrote:
> > home ~ # uptime; ps ax | grep Z | wc
> > 17:35:01 up 11:37, 21 users, load average: 0.00, 0.02, 0.00
> > 2024 12151 91273
> > home ~ # chmod -x /etc/runit/stopit
> > home ~ # kill -CONT 1
> > home ~ # uptime; ps ax | grep Z | wc
> > 17:35:16 up 11:37, 21 users, load average: 0.00, 0.01, 0.00
> > 2 19 134
>
> Hmm, what does
> # strings /proc/1/exe |grep Id
> say?

home ~ # strings /proc/1/exe |grep Id
$Id: 25da3b86f7bed4038b8a039d2f8e8c9bbcf0822b $

--
WBR, Alex.

* Re: runit-1.8.0 available
From: Alex Efros @ 2007-09-26 13:46 UTC
To: supervision

Hi!

On Mon, Sep 24, 2007 at 10:19:04AM +0000, Gerrit Pape wrote:
> Hmm, what does
> # strings /proc/1/exe |grep Id
> say?

For now - all servers ok, uptime 4 days. Maybe that was my mistake, and zombies was found on server which wasn't rebooted with new runit yet... but I've double-checked this before writing maillist, cos this is obvious.

Let's see how it will be going, 4 days is not enough for this issue.

--
WBR, Alex.

* Re: runit-1.8.0 available
From: Alex Efros @ 2007-09-29 13:00 UTC
To: supervision

Hi!

On Wed, Sep 26, 2007 at 04:46:23PM +0300, Alex Efros wrote:
> Let's see how it will be going, 4 days is not enough for this issue.

I've just checked servers. On _ALL_ servers I've unreaped zombies now. Previous check was 14 hours ago, everything was clean. Uptime on all servers is 6 days 23 hours.

On my home workstation 8 hours ago everything was clean, but now I've zombies here too. Workstation uptime is 7 days 9 hours.

Amount of zombies on different servers between 15 and 9000, most have 300-600 zombies.

So, this runit version doesn't fixed zombie issue. :(

'chmod -x /etc/runit/stopit ; kill -CONT 1' trick works ok, so now at least I don't have to reboot servers because of this issue.

--
WBR, Alex.

* Re: runit-1.8.0 available
From: Alex Efros @ 2007-09-29 13:03 UTC
To: supervision

Hi!

On Wed, Sep 26, 2007 at 04:46:23PM +0300, Alex Efros wrote:
> Let's see how it will be going, 4 days is not enough for this issue.

I've just checked servers. On _ALL_ servers I've unreaped zombies now. Previous check was 14 hours ago, everything was clean. Uptime on all servers is 6 days 23 hours.

On my home workstation 8 hours ago everything was clean, but now I've zombies here too. Workstation uptime is 7 days 9 hours.

Amount of zombies on different servers between 15 and 9000, most have 300-600 zombies.

So, this runit version doesn't fixed zombie issue. :(

'chmod -x /etc/runit/stopit ; kill -CONT 1' trick works ok, so now at least I don't have to reboot servers because of this issue.

--
WBR, Alex.

* Re: runit-1.8.0 available
From: Alex Efros @ 2007-09-29 13:21 UTC
To: supervision

Hi!

Sorry for duplicating messages - I was changing my email, subscribed from new address, and send message from both new and old addresses.

--
WBR, Alex.

* Re: runit-1.8.0 available
From: Alex Efros @ 2007-10-06 5:49 UTC
To: supervision

Hi!

On Sat, Sep 29, 2007 at 04:03:51PM +0300, Alex Efros wrote:
> I've just checked servers. On _ALL_ servers I've unreaped zombies now.
> Previous check was 14 hours ago, everything was clean.
> Uptime on all servers is 6 days 23 hours.

Now it happens again. Uptime on all servers is 13 days 16 hours. Previous check was 2 days ago.

Looks like this issue happens every ~6-6.5 days. Let's see when it happens again...

--
WBR, Alex.

* Re: runit-1.8.0 available
From: Gerrit Pape @ 2007-10-11 12:53 UTC
To: supervision

On Sat, Oct 06, 2007 at 08:49:23AM +0300, Alex Efros wrote:
> On Sat, Sep 29, 2007 at 04:03:51PM +0300, Alex Efros wrote:
> > I've just checked servers. On _ALL_ servers I've unreaped zombies now.
> > Previous check was 14 hours ago, everything was clean.
> > Uptime on all servers is 6 days 23 hours.
>
> Now it happens again. Uptime on all servers is 13 days 16 hours.
> Previous check was 2 days ago.

Hmm, I don't know what's wrong. 'kill -CONT 1' makes the zombies go away? Does 'kill -CHLD 1' also work, or 'chmod -x /etc/runit/ctrlaltdel; kill -INT 1; chmod +x /etc/runit/ctrlaltdel'?

Regards, Gerrit.

* Re: runit-1.8.0 available
From: Alex Efros @ 2007-10-13 17:30 UTC
To: supervision

Hi!

On Thu, Oct 11, 2007 at 12:53:49PM +0000, Gerrit Pape wrote:
> Hmm, I don't know what's wrong. 'kill -CONT 1' makes the zombies go
> away? Does 'kill -CHLD 1' also work, or
> 'chmod -x /etc/runit/ctrlaltdel; kill -INT 1; chmod +x /etc/runit/ctrlaltdel'?

No, these commands doesn't fix this issue.

Moreover, old trick with CONT also don't work - or, more correctly, it MAY work, but it also REBOOT server now, which shouldn't happen AFAIK! :(

# uptime; ps ax | grep Z | wc
 17:24:26 up 21 days, 3:43, 3 users, load average: 0.00, 0.00, 0.06
 378 2269 16681
# kill -CHLD 1
# uptime; ps ax | grep Z | wc
 17:25:27 up 21 days, 3:44, 4 users, load average: 0.00, 0.00, 0.05
 378 2269 16681
# chmod -x /etc/runit/ctrlaltdel
# kill -INT 1
# chmod +x /etc/runit/ctrlaltdel
# uptime; ps ax | grep Z | wc
 17:26:00 up 21 days, 3:45, 4 users, load average: 0.00, 0.00, 0.05
 378 2269 16681
# chmod -x /etc/runit/stopit
# kill -CONT 1
#
Broadcast message from root (Sat Oct 13 17:26:20 2007):

System is going down...

--
WBR, Alex.

* Re: runit-1.8.0 available
From: Alex Efros @ 2007-10-20 11:24 UTC
To: supervision

Hi!

On Sat, Oct 13, 2007 at 08:30:17PM +0300, Alex Efros wrote:
> Moreover, old trick with CONT also don't work - or, more correctly, it
> MAY work, but it also REBOOT server now, which shouldn't happen AFAIK!

Now it happens again, but this time kill -CONT 1 works as expected and doesn't reboot the servers. I've no idea why it reboot servers at previous time.

--
WBR, Alex.

* Re: runit-1.8.0 available
From: Alex Efros @ 2007-10-13 21:27 UTC
To: supervision

Hi!

On Sat, Oct 06, 2007 at 08:49:23AM +0300, Alex Efros wrote:
> > I've just checked servers. On _ALL_ servers I've unreaped zombies now.
> > Previous check was 14 hours ago, everything was clean.
> > Uptime on all servers is 6 days 23 hours.
>
> Now it happens again. Uptime on all servers is 13 days 16 hours.
> Previous check was 2 days ago.
>
> Looks like this issue happens every ~6-6.5 days. Let's see when it happens
> again...

It's funny, but I again got this issue simultaneously on all servers, including workstation with uptime 2 days!

Most servers uptime is 21 day, but one server uptime is 5 days.

Maybe it doesn't depend on some time period, but instead depend on some time?

--
WBR, Alex.

* Re: runit-1.8.0 available
From: George Georgalis @ 2007-10-16 3:38 UTC
To: supervision

On Sun, Oct 14, 2007 at 12:27:54AM +0300, Alex Efros wrote:
>On Sat, Oct 06, 2007 at 08:49:23AM +0300, Alex Efros wrote:
>> > I've just checked servers. On _ALL_ servers I've unreaped zombies now.
>> > Previous check was 14 hours ago, everything was clean.
>> > Uptime on all servers is 6 days 23 hours.
>>
>> Now it happens again. Uptime on all servers is 13 days 16 hours.
>> Previous check was 2 days ago.
>>
>> Looks like this issue happens every ~6-6.5 days. Let's see when it happens
>> again...
>
>It's funny, but I again got this issue simultaneously on all servers,
>including workstation with uptime 2 days!
>
>Most servers uptime is 21 day, but one server uptime is 5 days.
>
>Maybe it doesn't depend on some time period, but instead depend on some time?

This thread(s) is so long it's become difficult to follow. Maybe you could consolidate the important details into a summary. What is the simplest way to reproduce the problem. What has been tried? What factors are determined not related. What hypothesis, if any, for resolution?

// George

--
George Georgalis, information system scientist <IXOYE><

* Re: runit-1.8.0 available
From: Alex Efros @ 2007-10-20 19:59 UTC
To: supervision

Hi!

On Mon, Oct 15, 2007 at 11:38:18PM -0400, George Georgalis wrote:
> This thread(s) is so long it's become difficult to follow. Maybe
> you could consolidate the important details into a summary. What
> is the simplest way to reproduce the problem. What has been tried?
> What factors are determined not related. What hypothesis, if any,
> for resolution?

Only known to me way to reproduce the problem - install new Gentoo server and wait for about a week to see sshd zombies (as result of ssh-worms trying to bruteforce ssh from time to time).

Tried? I tried to switch from runit-init to sysvinit, and this solved issue. Also Gerrit suggested a workaround: running 'chmod -x /etc/runit/stopit; kill -CONT 1' on system with unreaped zombies result in two things: first all zombies are reaped, and second runit start reaping zombies again... but after several days it stop reaping zombies again and we need to chmod/kill again.

Not related... there several factors determined not related (like grsecurity kernel patches), but that was while I wasn't sure this is bug in runit.

Mostly strange thing is this happens at least for two people, at same time after Gentoo upgrade. And that upgrade doesn't touch runit or toolchain - nothing in this upgrade seems suspicious.

Only hypothesis I've - this issue related to date/time: it usually happens at same time on all my servers (and looks like this related to global date/time, and not to server uptime), and it usually repeats every 5-7 days.

I think easiest way to solve this issue - if Gerrit provide test/debug version of runit to me, which for example output it state/actions into log file, and then he'll analyse that log file to find out what is going wrong. Because looks like he unable to find this bug by just looking at the code.

--
WBR, Alex.

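An added example, not part of the thread: counting zombies per parent PID from `ps -eo pid,ppid,stat,comm` output, so that zombies waiting on process 1 are separated from those held by another parent, and the overcount of `ps ax | grep Z | wc` (the grep process itself, command names containing a Z) is avoided. The process table below is constructed.

```shell
#!/bin/sh
# Added example. Input on stdin: output of `ps -eo pid,ppid,stat,comm`.

# naive_count: lines containing a capital Z, which is what
# `ps ax | grep Z | wc -l` measures (on a live system, plus the grep itself).
naive_count() { grep -c Z; }

# zombie_total: processes whose STAT column starts with Z.
zombie_total() { awk '$3 ~ /^Z/ { c++ } END { print c + 0 }'; }

# zombies_by_parent: print "<ppid> <count>" for every parent holding zombies.
zombies_by_parent() {
    awk '$3 ~ /^Z/ { n[$2]++ } END { for (p in n) print p, n[p] }' | sort -n
}

# zombies_of PID: number of zombies whose parent is PID (0 if none).
# A growing value for PID 1 means init itself is not reaping.
zombies_of() {
    zombies_by_parent | awk -v p="$1" '$1 == p { c = $2 } END { print c + 0 }'
}

# Constructed sample: three sshd zombies re-parented to process 1, one zombie
# still owned by the sshd master (PID 901), and a live process named Zope.
sample_ps() {
    cat <<'EOF'
  PID  PPID STAT COMMAND
    1     0 Ss   runit
  412     1 Ss   runsvdir
  733   412 Ss   runsv
  901     1 Ss   sshd
 5120     1 Z    sshd
 5188     1 Z    sshd
 5203     1 Zs   sshd
 6001   901 Z    sshd
 6010  6009 S    Zope
EOF
}

echo "lines matching Z: $(sample_ps | naive_count)"
echo "real zombies:     $(sample_ps | zombie_total)"
echo "held by PID 1:    $(sample_ps | zombies_of 1)"

# On a live system: ps -eo pid,ppid,stat,comm | zombies_of 1
```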
* Re: runit-1.8.0 available
From: George Georgalis @ 2007-10-20 22:11 UTC
To: supervision

On Sat, Oct 20, 2007 at 10:59:50PM +0300, Alex Efros wrote:
>Hi!
>
>On Mon, Oct 15, 2007 at 11:38:18PM -0400, George Georgalis wrote:
>> This thread(s) is so long it's become difficult to follow. Maybe
>> you could consolidate the important details into a summary. What
>> is the simplest way to reproduce the problem. What has been tried?
>> What factors are determined not related. What hypothesis, if any,
>> for resolution?
>
>Only known to me way to reproduce the problem - install new Gentoo server
>and wait for about a week to see sshd zombies (as result of ssh-worms
>trying to bruteforce ssh from time to time).
>
>Tried? I tried to switch from runit-init to sysvinit, and this solved issue.
>Also Gerrit suggested a workaround: running 'chmod -x /etc/runit/stopit;
>kill -CONT 1' on system with unreaped zombies result in two things: first
>all zombies are reaped, and second runit start reaping zombies again...
>but after several days it stop reaping zombies again and we need to
>chmod/kill again.
>
>Not related... there several factors determined not related (like
>grsecurity kernel patches), but that was while I wasn't sure this is bug
>in runit.
>
>Mostly strange thing is this happens at least for two people, at same time
>after Gentoo upgrade. And that upgrade doesn't touch runit or toolchain -
>nothing in this upgrade seems suspicious.
>
>Only hypothesis I've - this issue related to date/time: it usually happens
>at same time on all my servers (and looks like this related to global
>date/time, and not to server uptime), and it usually repeats every 5-7 days.
>
>I think easiest way to solve this issue - if Gerrit provide test/debug
>version of runit to me, which for example output it state/actions into log
>file, and then he'll analyse that log file to find out what is going wrong.
>Because looks like he unable to find this bug by just looking at the code.

it sounds like a signal is not reaching init, SIGPIPE?

The following sed to default sshd_config
s/.*PasswordAuthentication.*/PasswordAuthentication no/
s/.*UsePam.*/UsePam no/
will really cut back the impact of bad internet on public sshd port,
of course you will only be able to use keys (PKI/RSA) to connect.

// George

--
George Georgalis, information system scientist <IXOYE><

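An added example, not code from the thread: the two `sed` substitutions quoted above next to a stricter rewrite. `sed` matches case-sensitively while OpenSSH's shipped sshd_config spells the keyword `UsePAM`, and `.*Keyword.*` also rewrites comment lines that merely mention the keyword; the sample config, the `ForceCommand` path and the function names are constructed.

```shell
#!/bin/sh
# Added example. All functions read a config on stdin and write to stdout.

# naive_sed: the two substitutions as quoted in the message above.
naive_sed() {
    sed -e 's/.*PasswordAuthentication.*/PasswordAuthentication no/' \
        -e 's/.*UsePam.*/UsePam no/'
}

# set_sshd_option KEYWORD VALUE
# - compares the keyword case-insensitively, as sshd does
# - replaces the first active or commented-out "Keyword value" line
# - drops later active duplicates (sshd uses the first value it reads)
# - leaves prose comments and Match blocks untouched
# - if the keyword is absent, adds it before the first Match block or at EOF
set_sshd_option() {
    awk -v key="$1" -v val="$2" '
        BEGIN { lkey = tolower(key) }
        in_match { print; next }
        tolower($1) == "match" {
            if (!done) { print key, val; done = 1 }
            in_match = 1; print; next
        }
        {
            line = $0
            commented = (line ~ /^[ \t]*#/)
            sub(/^[ \t]*#?[ \t]*/, "", line)   # strip indent and one "#"
            sub(/[ \t]+$/, "", line)           # strip trailing blanks
            n = split(line, f, /[ \t]+/)
            is_key = (tolower(f[1]) == lkey && (!commented || n == 2))
        }
        is_key && !done { print key, val; done = 1; next }
        is_key && !commented { next }
        { print }
        END { if (!done) print key, val }
    '
}

harden_sshd_config() {
    set_sshd_option PasswordAuthentication no | set_sshd_option UsePAM no
}

# Constructed sample in the style of a distribution sshd_config.
sample_config() {
    cat <<'EOF'
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
# Set this to 'yes' to enable PAM authentication. If UsePAM is enabled,
# PasswordAuthentication may bypass the setting of "PermitRootLogin".
UsePAM yes
passwordauthentication yes
Match User backup
    ForceCommand /usr/local/bin/backup-only
EOF
}

echo "--- sed as quoted (UsePAM yes survives) ---"
sample_config | naive_sed
echo "--- keyword-aware rewrite ---"
sample_config | harden_sshd_config
```

Run `sshd -t` against the rewritten file before reloading the daemon, so a syntax error does not lock out key-based logins as well.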
* Re: runit-1.8.0 available
From: Alex Efros @ 2007-10-20 22:20 UTC
To: supervision

Hi!

On Sat, Oct 20, 2007 at 06:11:26PM -0400, George Georgalis wrote:
> it sounds like a signal is not reaching init, SIGPIPE?

PIPE? You mean CHLD?

> The following sed to default sshd_config
> s/.*PasswordAuthentication.*/PasswordAuthentication no/
> s/.*UsePam.*/UsePam no/
> will really cut back the impact of bad internet on public sshd port,
> of course you will only be able to use keys (PKI/RSA) to connect.

Yeah, this is my default ssh configuration. :) But ssh worms anyway try to connect (they doesn't know is senseless :)) and so ssh fork new processes for these connections and these processes become unreaped zombies at some point.

--
WBR, Alex.

* Re: runit-1.8.0 available
From: Vincent Danen @ 2007-10-22 22:17 UTC
To: supervision

* Alex Efros <powerman@powerman.name> [2007-10-21 01:20:51 +0300]:
>Hi!
>
>On Sat, Oct 20, 2007 at 06:11:26PM -0400, George Georgalis wrote:
>> it sounds like a signal is not reaching init, SIGPIPE?
>
>PIPE? You mean CHLD?
>
>> The following sed to default sshd_config
>> s/.*PasswordAuthentication.*/PasswordAuthentication no/
>> s/.*UsePam.*/UsePam no/
>> will really cut back the impact of bad internet on public sshd port,
>> of course you will only be able to use keys (PKI/RSA) to connect.
>
>Yeah, this is my default ssh configuration. :) But ssh worms anyway try to
>connect (they doesn't know is senseless :)) and so ssh fork new processes
>for these connections and these processes become unreaped zombies at some
>point.

The simplest thing to do would be to either use tcp_wrappers or run sshd out of xinetd or (my favourite) ipsvd. With some appropriate ACLs and IP-based restrictions, you can reduce those attacks to *0* reaching sshd as xinetd/ipsvd would deny them before even starting sshd.

--
Vincent Danen @ http://linsec.ca/

* Re: runit-1.8.0 available
From: George Georgalis @ 2007-10-24 3:52 UTC
To: supervision

On Sun, Oct 21, 2007 at 01:20:51AM +0300, Alex Efros wrote:
>Hi!
>
>On Sat, Oct 20, 2007 at 06:11:26PM -0400, George Georgalis wrote:
>> it sounds like a signal is not reaching init, SIGPIPE?
>
>PIPE? You mean CHLD?

well I _meant_ PIPE but looking at signal(7)... it doesn't mean exactly what I thought. I guess CHLD, I was thinking the case where sshd doesn't handle PIPE properly (lame brute force tcp); maybe SIGCHLD is what init is not getting, but should... I've not given much thought to whether init should get the 'what' or 'why' signal, is that established?

>> The following sed to default sshd_config
>> s/.*PasswordAuthentication.*/PasswordAuthentication no/
>> s/.*UsePam.*/UsePam no/
>> will really cut back the impact of bad internet on public sshd port,
>> of course you will only be able to use keys (PKI/RSA) to connect.
>
>Yeah, this is my default ssh configuration. :) But ssh worms anyway try to
>connect (they doesn't know is senseless :)) and so ssh fork new processes
>for these connections and these processes become unreaped zombies at some
>point.

I've never put sshd in supervise, nor noticed the (connection) problem you describe. may the internal sshd spawning manages this better than when run in foreground for ipsvd? Are you invoking sshd in inetd style with ipsvd or exec sshd?

// George

--
George Georgalis, information system scientist <IXOYE><