Problems on Sparcs (fwd)

Jan IVEN Jan.Iven at cern.ch
Thu Dec 7 19:20:39 EST 2000


>>>>> "MF" == Markus Friedl <markus.friedl at informatik.uni-erlangen.de> writes:

 MF> comments?
 MF> From: Charles Clancy <mgrtcc at cs.rose-hulman.edu>
 MF> Subject: Problems on Sparcs
 MF> To: <openssh at openssh.com>
 MF> Date: Wed, 6 Dec 2000 09:55:41 -0500 (EST)

 MF> I compiled OpenSSH 2.3.0p1 for Solaris 7 (32-bit) with OpenSSL 0.95a, with
 MF> GCC 2.95.2 (sunfreeware.com binaries).

Similar setup here (locally compiled gcc-2.91.66, kth-1.0.2 for KRB4 support).

 MF> We are using OpenSSH because it supports PAM, which is required for our
 MF> network, as our workstations run AFS, and very few daemons support
 MF> authentication via AFS.

We tried PAM on Solaris for the same reasons, then discovered that
compiling sshd without PAM works even better - AFS token forwarding
works in both cases, and without PAM, standard KRB4 authentication
will be used. This works nicely as long as you have a /etc/srvtab on
all machines.

 MF> On our most frequently used Ultra 80 (2x450MHz, 1G RAM), we have been
 MF> having problems ever since upgrading from SSH 1.2.27 (w/ PAM patch) to
 MF> OpenSSH.  Remote SSH connections stop working after about 2 days (sshd is
 MF> run from inetd through tcp_wrappers).  After 2 days, if you log in
 MF> locally, graphical logins will halt.  A console text-based login works,
 MF> but about half the basic unix commands have problems.  For example, a "w"
 MF> only returns the first line, and then halts.  A "ps -ef" will get about
 MF> half way through before getting stuck.  A CTRL-C won't get you out of them
 MF> either.  All you can do is "sync; reboot" from a telnet connection
 MF> (tcp_wrappers is configured to allow telnet from one of our servers).

similar symptoms seen infrequently over here, but only on Solaris7
(not on 2.6).

 MF> This machine is being used mostly as a general purpose workstation.  I
 MF> know at least one person is using MATLAB and doing some X-Forwarding.

 MF> All the other machines (1 Ultra 80 and 10 Ultra 10s) are working fine.  We
 MF> did have one Ultra 2 (web server) that exhibited some of these problems,
 MF> but I immediately switched it back to SSH 1.2.27, because we can't afford
 MF> any downtime on that machine.

 MF> Do you have any idea what would cause this bizarre behavior?

TransARC libpamafs has been causing trouble in the past, and we are
happy to have gotten rid of it. The AFS kernel support for Solaris7
may be somewhat flaky as well (k_hasafs() sometimes returning 0...)

Sorry, no easy answer from over here.

Our build environment/binaries is at
/afs/cern.ch/project/connectivity/openssh-2.2.0/@sys/install/, feel
free to have a look.(it is actually a patched-up 2.3.0)

Regards
Jan





More information about the openssh-unix-dev mailing list