ssh dies

[John Davis]

Robert Storey wrote:
> Dear All,
> 
> An interesting and disturbing problem recently appeared on our server
> which is running FBSD 5.3. Rather suddenly, all users found themselves
> locked out because ssh stopped working. We had to send an email to tech
> support at our hosting service (Netsonic). They said this seems to be
> happening frequently on many FreeBSD servers (something to do  with
> reaching the limit of ssh connections). They didn't tell us how to solve
> the problem, but they suggested rebooting, which should return the 
> server under our control. We asked them to reboot and they did, problem
> solved for now.
> 
> I'm wondering if anyone knows what is causing this, and if there is a
> permanent solution? The server was running fine for four months without
> issues - this just suddenly came out of the blue.
> 
> TIA,
> Robert

   We had exactly the same problem with 5.3 on a dual opteron machine. 
One minute it worked and the next minute it stopped and had to be 
rebooted. The host insisted that this was clear evidence that machine 
had been compromised but this was nonsense. I have spoken to other 
people using 5.2 and 5.3 who report identical behavior. I don't know if 
it's a physical connection limit that's causing the problem though, 
because only two people log into my BSD server.

   I think a safer bet is this worm that tries to compromise servers by 
ssh. Perhaps the ssh server isn't cleaning up the failed connections 
well enough, or maybe it's detecting an attack and simply shutting down. 
This worm can generate a thousand or more connection attempts in a 
single session, so I can see how a tiny memory leak could grow into a 
big problem in a hurry.

--
John Davis