supervision - discussion about system services, daemon supervision, init, runlevel management, and tools such as s6 and runit
From: George Georgalis <george@galis.org>
To: supervision@list.skarnet.org
Subject: Re: runit-1.8.0 available
Date: Tue, 23 Oct 2007 23:52:47 -0400
Message-ID: <20071024035247.GA21578@run.duo>
In-Reply-To: <20071020222050.GD25023@home.power>

On Sun, Oct 21, 2007 at 01:20:51AM +0300, Alex Efros wrote:
>Hi!
>
>On Sat, Oct 20, 2007 at 06:11:26PM -0400, George Georgalis wrote:
>> it sounds like a signal is not reaching init, SIGPIPE?
>
>PIPE? You mean CHLD?

well I _meant_ PIPE but looking at signal(7)... it doesn't mean
exactly what I thought. I guess CHLD, I was thinking the case
where sshd doesn't handle PIPE properly (lame brute force tcp);
maybe SIGCHLD is what init is not getting, but should... I've not
given much thought to whether init should get the 'what' or 'why'
signal, is that established?


>> The following sed to default sshd_config
>> 	s/.*PasswordAuthentication.*/PasswordAuthentication no/
>> 	s/.*UsePAM.*/UsePAM no/
>> will really cut back the impact of bad internet on public sshd port,
>> of course you will only be able to use keys (PKI/RSA) to connect.
>
>Yeah, this is my default ssh configuration. :) But ssh worms anyway try to
>connect (they don't know it is senseless :)) and so ssh forks new processes
>for these connections and these processes become unreaped zombies at some
>point.

I've never put sshd in supervise, nor noticed the (connection)
problem you describe. maybe the internal sshd spawning manages this
better than when run in foreground for ipsvd? Are you invoking
sshd in inetd style with ipsvd or exec sshd?

// George


-- 
George Georgalis, information system scientist <IXOYE><
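
The following is an added example, not part of the original message or thread. It applies the two sed substitutions quoted above to a constructed sshd_config excerpt (keyword written `UsePAM`, as in the stock file, since sed matching is case-sensitive) and checks the effective result; the function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed excerpt of a stock sshd_config (sample input, not from the thread).
sample_config() {
cat <<'EOF'
#Port 22
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication may bypass other settings.
UsePAM yes
Subsystem sftp /usr/libexec/sftp-server
EOF
}

# Apply the two substitutions. Note that ".*KEY.*" also rewrites comment
# lines that merely mention the keyword, producing duplicate directives.
harden() {
    sed -e 's/.*PasswordAuthentication.*/PasswordAuthentication no/' \
        -e 's/.*UsePAM.*/UsePAM no/'
}

# Print the effective global value of a keyword read from stdin:
# keywords are case-insensitive, comments are ignored, and the first
# uncommented occurrence wins. Prints "unset" if none is present.
effective() {
    awk -v key="$1" '
        /^[[:space:]]*#/ { next }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print "unset" }'
}

# Succeed only if both settings are effectively "no"; name the offender otherwise.
check_hardened() {
    cfg=$(cat)
    for key in PasswordAuthentication UsePAM; do
        val=$(printf '%s\n' "$cfg" | effective "$key")
        [ "$val" = "no" ] || { echo "$key is $val" >&2; return 1; }
    done
}

# Demonstration on the constructed sample.
sample_config | harden | check_hardened && echo "hardened: key-only logins"
```

On a live host, `sshd -T` prints the configuration sshd will actually use, which is the authoritative check after editing the file.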

