[Bug 948] high CPU in sshd after tcp_wrappers deny

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Feb 15 05:30:47 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=948





------- Additional Comments From atlunde at panix.com  2005-02-15 05:30 -------
Created an attachment (id=824)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=824&action=view)
corresponding syslog messages from ssh, tcp_wrappers, prngd

These are the messages in syslog from about the time that the ps output seems
to imply the high-cpu processes started. I ran egrep '20:01:3' on the log file.


This file gets messages from prngd, sshd, and tcp_wrappers. I note there's an
error from prngd (which I'm using as a random number source), could that be a
factor in the problem? (I'm using prngd, because this server was a HP-UX box in
a previous life..)

The tcp_wrappers rules are first a number of exception rules of the form:

sshd,in.ftpd: SOME_ADDRESS  : rfc931 15 : keepalive : nice 1 : allow

Where SOME_ADDRESS is an IP address, a DNS host address, or a domain
suffix(.foo.example.com) for which we want to allow traffic:

There's a generic allow rule for on-campus traffic:

sshd: .ourdomain.edu : nice 1 : allow

anything else falls thru to a default deny rule:

ALL: ALL : deny

Could the use of rfc931 lookups trigger problems?




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list