[Bug 1213] ssh-keyscan exits in mid-way
bugzilla-daemon at bugzilla.mindrot.org
Wed Nov 30 17:12:55 EST 2011
https://bugzilla.mindrot.org/show_bug.cgi?id=1213
--- Comment #42 from Daniel Richard G. <skunk at iSKUNK.ORG> 2011-11-30 17:12:55 EST ---
(In reply to comment #41)
>
> The number of ways that key access can be terminated keeps increasing,
> doesn't it?

I hope it won't be necessary to enumerate them all before this bug can
be closed!

> My oops. I have had my focus redirected to other projects and,
> besides, I'm very lazy (;-}).
>
> Dumb me, I thought at least a question or two would be forthcoming from
> the OpenSSH folks. Guess not. I saw the mailing list reference in the
> README and promptly forgot about it. I will send the patch there. I
> apologize for the slowness.

Hey, it's your patch. All the fame and glory will go to you ;-)

> Question for you. The ssh-keyscan code currently limits the maximum
> number of used file descriptors to <256. The biggest problem that I've
> seen with that number is, if you ever have a very large number of down
> hosts (which we have had), the code uses the available fds and has to
> wait for a '-Tn' timeout on one of them to start another key access.
> I've made a local modification that changes that number to 512. The
> code seems smart enough so that, if the OS has smaller limits, nothing
> will break. Right now Debian defaults to 1024 fds max and (at least
> our) Redhat to 20480. So 512 is a modest increase. Would you have an
> opinion on this?

Debian has 1024 fds max per process, or across the entire system? (If a
local DoS attack were really as easy as calling open() ~1000 times...)
If the limit is for the whole system, that would be a good reason to
make this an option, or a recognized environment variable. If for a
single process, then just call sysconf(_SC_OPEN_MAX) and go to town.
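The per-process check suggested in the reply above, as an added example that is not ssh-keyscan's code and not part of the original message: it reads the process's own descriptor limit and clamps a requested connection ceiling (the 512 discussed in the thread) to it. The function names, the 16-descriptor reserve and the fallback of 256 are assumptions made for the illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

/* Assumption: headroom for stdio, log files and resolver sockets. */
#define RESERVED_FDS 16

/* Pure helper: clamp the requested number of concurrent sockets to what the
 * per-process limit allows. proc_limit < 0 means "limit could not be
 * determined", in which case the conservative fallback is used instead. */
long clamp_conn_cap(long proc_limit, long requested, long fallback)
{
    if (proc_limit < 0)
        proc_limit = fallback;
    long usable = proc_limit - RESERVED_FDS;
    if (usable < 1)
        usable = 1;                 /* always allow at least one connection */
    return requested < usable ? requested : usable;
}

/* Per-process soft limit on open descriptors: prefer getrlimit(), fall back
 * to sysconf(_SC_OPEN_MAX), which returns -1 when the limit is indeterminate. */
long process_fd_limit(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 &&
        rl.rlim_cur != RLIM_INFINITY && rl.rlim_cur <= (rlim_t)LONG_MAX)
        return (long)rl.rlim_cur;
    return sysconf(_SC_OPEN_MAX);
}

/* Ceiling a scanner could use on this host for a requested maximum. */
long scan_conn_cap(long requested)
{
    return clamp_conn_cap(process_fd_limit(), requested, 256);
}

int main(void)
{
    printf("per-process fd limit: %ld\n", process_fd_limit());
    printf("connection cap for a requested 512: %ld\n", scan_conn_cap(512));
    return 0;
}
```

Both calls report the limit of the calling process only; a system-wide descriptor ceiling, the other case raised in the reply, is a separate kernel setting that neither of them returns.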