From: George Georgalis
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: runit-1.8.0 available
Date: Tue, 23 Oct 2007 23:52:47 -0400
Message-ID: <20071024035247.GA21578@run.duo>
In-Reply-To: <20071020222050.GD25023@home.power>
To: supervision@list.skarnet.org

On Sun, Oct 21, 2007 at 01:20:51AM +0300, Alex Efros wrote:
>Hi!
>
>On Sat, Oct 20, 2007 at 06:11:26PM -0400, George Georgalis wrote:
>> it sounds like a signal is not reaching init, SIGPIPE?
>
>PIPE? You mean CHLD?

well I _meant_ PIPE but looking at signal(7)... it doesn't mean
exactly what I thought. I guess CHLD, I was thinking the case
where sshd doesn't handle PIPE properly (lame brute force tcp);
maybe SIGCHLD is what init is not getting, but should... I've
not given much thought to whether init should get the 'what' or
'why' signal, is that established?

>> The following sed to default sshd_config
>> s/.*PasswordAuthentication.*/PasswordAuthentication no/
>> s/.*UsePam.*/UsePam no/
>> will really cut back the impact of bad internet on public sshd port,
>> of course you will only be able to use keys (PKI/RSA) to connect.
>
>Yeah, this is my default ssh configuration. :) But ssh worms anyway try to
>connect (they doesn't know is senseless :)) and so ssh fork new processes
>for these connections and these processes become unreaped zombies at some
>point.

I've never put sshd in supervise, nor noticed the (connection)
problem you describe. may the internal sshd spawning manages
this better than when run in foreground for ipsvd? Are you
invoking sshd in inetd style with ipsvd or exec sshd?

// George

-- 
George Georgalis, information system scientist <
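
The sed lines quoted in this message only rewrite lines that already contain the keyword in that exact spelling, and stock sshd_config spells it UsePAM. The following is an added example, not code from the thread: the function names and the sample config are constructed, and it forces the same two settings regardless of case, commented-out defaults, or Match blocks.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# harden_sshd_config IN OUT: write OUT with both settings forced to "no".
harden_sshd_config() {
    {
        # sshd keeps the first value it reads for a keyword, and global
        # settings must come before any Match block, so ours go on top.
        printf 'PasswordAuthentication no\nUsePAM no\n'
        # Drop every existing line for these keywords, commented or not,
        # including overrides inside Match blocks. Keywords are
        # case-insensitive in sshd_config, so compare lowercased.
        awk '{
            line = tolower($0)
            sub(/^[ \t#]*/, "", line)
            if (line ~ /^(passwordauthentication|usepam)([ \t=]|$)/) next
            print
        }' "$1"
    } > "$2"
}

# effective_value FILE KEYWORD: first uncommented global value of KEYWORD.
effective_value() {
    awk -v kw="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == kw { print tolower($2); exit }
    ' "$1"
}

# demo: constructed config with a commented default, a lowercase keyword,
# and a Match block that would re-enable passwords for one user.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/in" <<'EOF'
Port 22
#PasswordAuthentication yes
usepam yes
Match User backup
    PasswordAuthentication yes
EOF
    harden_sshd_config "$tmp/in" "$tmp/out"
    echo "PasswordAuthentication=$(effective_value "$tmp/out" PasswordAuthentication)"
    echo "UsePAM=$(effective_value "$tmp/out" UsePAM)"
    echo "leftover=$(grep -ci 'passwordauthentication yes' "$tmp/out" || true)"
    rm -rf "$tmp"
}
demo
```

On a live host, validate the rewritten file with `sshd -t -f <file>` before installing it.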