LinuxSA Mailing list archives

  From: Alan Kennington <akenning@dog.topology.org>
  To  : LinuxSA <linuxsa@linuxsa.org.au>
  Date: Sat, 12 Feb 2000 10:22:40 +1030

sshd[3663]: error: Failed to allocate pty.

Warning! Warning!

Anybody thinking of relying on sshd for remote login
to their home site while overseas in 's-Gravenhage
should think again.
Luckily I set up _two_ computers as sshd servers.
Because one of them failed:

====================================================
Feb 12 09:52:44 dog sshd[3660]: log: Connection from 195.232.106.4 port 1025
Feb 12 09:52:57 dog sshd[3660]: log: RSA authentication for akenning accepted.
Feb 12 09:53:04 dog PAM_pwdb[3660]: (sshd) session opened for user akenning by (uid=0)
Feb 12 09:53:28 dog sshd[3663]: log: Connection from 195.232.106.4 port 1027
Feb 12 09:53:34 dog pam[3663]: unable to dlopen(/lib/security/pam_nologin.so)
Feb 12 09:53:34 dog pam[3663]: [dlerror: /lib/security/pam_nologin.so: cannot open shared object file: Too many open files]
Feb 12 09:53:34 dog pam[3663]: adding faulty module: /lib/security/pam_nologin.so
Feb 12 09:53:44 dog sshd[3663]: log: RSA authentication for akenning accepted.
Feb 12 09:53:44 dog PAM_pwdb[3663]: (sshd) session opened for user akenning by (uid=0)
Feb 12 09:53:48 dog sshd[3663]: error: /dev/ttyp4: Too many open files
Feb 12 09:53:48 dog sshd[3663]: error: Failed to allocate pty.
Feb 12 09:53:51 dog sshd[3663]: fatal: Local: Could not create pipes: Too many open files
Feb 12 09:53:51 dog PAM_pwdb[3663]: (sshd) session closed for user akenning
Feb 12 09:54:42 dog pam_rhosts_auth[3667]: allowed to akenning@emu.topology.org as akenning
====================================================

The last line is where I sneaked into the machine
sideways from the other sshd-enabled machine.

It looks like after about 100 successful sshd logins
(order of magnitude only), sshd didn't close all those
pty handles and just reached the system limit.
Unfortunately it just doesn't do anything
that might be called fail-safe.

Part of the problem is the fact that I was in a company
that had N-ISDN link-up to the net - where the
connection was closed whenever the link was idle.
As a result, every 10 minutes or so, my sshd connection
was dropped at my end, but maybe not at the
server end.

When I recognized the problem, I set up a
ping process to keep the link alive (and cost my
employer more in ISDN connection costs), so
that ssh links didn't fail anymore.

But finally I reached the limit anyway.

To be fail-safe, maybe you need to run
_two_ ssh daemons on different ports independently.

The above log, by the way, shows two failed ssh
logins, not one.

Anyway, be warned !!! Or be prawned!

Cheers,
Alan Kennington.

PS. I'm going to miss the Linux meeting by 12 hours.
Did someone say there's a mystery guest?
I wonder if it's someone famous....
Every time I just miss a meeting, someone famous
shows up!

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
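
Added example, not part of the original message: a small Python scan over the syslog excerpt quoted in the message that groups lines by daemon PID and flags the descriptor-exhaustion symptoms visible there (the "Too many open files" errors, a PAM module that failed to load before the session was opened, and the pty allocation failure). The function name and the result field names are illustrative assumptions.

```python
import re
from collections import defaultdict

# Syslog lines copied from the message above (the wrapped dlerror line rejoined).
SAMPLE_LOG = """\
Feb 12 09:52:44 dog sshd[3660]: log: Connection from 195.232.106.4 port 1025
Feb 12 09:52:57 dog sshd[3660]: log: RSA authentication for akenning accepted.
Feb 12 09:53:04 dog PAM_pwdb[3660]: (sshd) session opened for user akenning by (uid=0)
Feb 12 09:53:28 dog sshd[3663]: log: Connection from 195.232.106.4 port 1027
Feb 12 09:53:34 dog pam[3663]: unable to dlopen(/lib/security/pam_nologin.so)
Feb 12 09:53:34 dog pam[3663]: [dlerror: /lib/security/pam_nologin.so: cannot open shared object file: Too many open files]
Feb 12 09:53:34 dog pam[3663]: adding faulty module: /lib/security/pam_nologin.so
Feb 12 09:53:44 dog sshd[3663]: log: RSA authentication for akenning accepted.
Feb 12 09:53:44 dog PAM_pwdb[3663]: (sshd) session opened for user akenning by (uid=0)
Feb 12 09:53:48 dog sshd[3663]: error: /dev/ttyp4: Too many open files
Feb 12 09:53:48 dog sshd[3663]: error: Failed to allocate pty.
Feb 12 09:53:51 dog sshd[3663]: fatal: Local: Could not create pipes: Too many open files
Feb 12 09:53:51 dog PAM_pwdb[3663]: (sshd) session closed for user akenning
Feb 12 09:54:42 dog pam_rhosts_auth[3667]: allowed to akenning@emu.topology.org as akenning
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ ([\w.-]+)\[(\d+)\]: (.*)$")
EMFILE = "Too many open files"

def analyse(text):
    """Per-PID summary of descriptor-exhaustion symptoms in syslog text."""
    procs = defaultdict(lambda: {"emfile": 0, "pam_load_failed": [],
                                 "session_after_pam_failure": False,
                                 "pty_failed": False})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        _tag, pid, msg = m.groups()
        p = procs[int(pid)]
        if EMFILE in msg:
            p["emfile"] += 1
        if msg.startswith("adding faulty module: "):
            p["pam_load_failed"].append(msg.split(": ", 1)[1])
        if "session opened for user" in msg and p["pam_load_failed"]:
            # A session opened after a PAM module failed to load in this process.
            p["session_after_pam_failure"] = True
        if "Failed to allocate pty" in msg:
            p["pty_failed"] = True
    # Keep only processes that show at least one symptom.
    return {pid: p for pid, p in procs.items() if p["emfile"] or p["pam_load_failed"]}

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```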