Why does ssh try to run df, netstat, arp ...?

Andrew Stribblehill a.d.stribblehill at durham.ac.uk
Sat Nov 18 00:32:17 EST 2000


Quoting Nico De Ranter <nico at sonycom.com>:
> Howdy,
> 
> I recently had a problem with one of our servers (crashed due to power
> failure :-). While this shouldn't have been a problem for most
> of the workstations and servers on the network I noticed that I
> wasn't able to use ssh anymore. Ssh would simply hang during the connection.
> rsh and telnet however were able to connect without problem so there
> was no problem with the destination or the environment of the user.
> I noticed that for some strange reason ssh tries to run arp, netstat and df
> during the connection (I can understand the use of arp and netstat but why on
> earth df).  Unfortunately df blocks when it tries to measure the size
> of a filesystem which is mounted (e.g. by automount) but unavailable (since
> the server crashed). I guess this is the reason why the ssh connection
> failed. Of course having my whole network unreachable by ssh just because
> one server goes down is totally unacceptable (I might as well start using
> Windows). How can I turn this behaviour off or can anybody give me a
> really really good reason why ssh would need df?

ssh and sshd need to get some randomness into their system
somehow. For machines with a /dev/random, this is easy. However,
the way ssh gets round it with less pleasant systems is that it
runs a set of commands whose output varies, hopefully from one
execution to the next.

You can find the file containing these commands in
/etc/ssh_prng_commands. Simply remove the offending lines.

Cheerio,

Andrew Stribblehill
Systems programmer, IT Service, University of Durham, England
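
An added example (not part of the original message and not OpenSSH code): a Python check that runs each entry of the command file under a timeout and reports which ones block, so the lines to remove can be identified. The line layout `"command args" /path rate`, with `undef` marking a missing program, is an assumption about the file's format; the sample entries are constructed, with the Python interpreter standing in for a fast `ls` and a hung `df`.

```python
import shlex
import subprocess
import sys

PY = shlex.quote(sys.executable)
# Constructed sample; the Python interpreter stands in for a fast `ls` and a hung `df`.
SAMPLE = f'''# "command args" /path/to/program rate   (assumed layout)
"ls -c pass" {PY} 0.02
"df -c 'import time; time.sleep(30)'" {PY} 0.30
"arp -a -n" undef 0.02
'''

def parse_prng_commands(text):
    """Yield (label, argv) for every runnable entry in the command file."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)
        if len(fields) != 3 or fields[1] == "undef":
            continue  # malformed line, or program marked as not installed
        label, path, _rate = fields
        yield label, [path] + shlex.split(label)[1:]

def find_blocking(text, timeout=5.0):
    """Return labels of entries that do not exit within `timeout` seconds."""
    blocked = []
    for label, argv in parse_prng_commands(text):
        try:
            proc = subprocess.Popen(argv, stdin=subprocess.DEVNULL,
                                    stdout=subprocess.DEVNULL,
                                    stderr=subprocess.DEVNULL)
        except OSError:
            continue  # program missing on this host, so it cannot block
        try:
            proc.wait(timeout=timeout)
        except subprocess.TimeoutExpired:
            # Kill without waiting: a df stuck on a dead mount may be unkillable.
            proc.kill()
            blocked.append(label)
    return blocked

if __name__ == "__main__":
    # Pass the command file as the first argument; default to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for label in find_blocking(text):
        print("blocks:", label)
```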





More information about the openssh-unix-dev mailing list