OpenSSH - Connection problem when LoginGraceTime exceeds time

Kumaresh kumaresh_ind at gmx.net
Tue Jan 27 22:23:21 EST 2004


Hello,

This problem is regarding the configuration directive called
'LoginGraceTime'.

Problem Description:
Tests were done with OpenSSH -3.6.1p2 and 3.7.1p2 on HP-UX.

sshd is started with LoginGraceTime as 1 minute.Three windows were used to
initiate the ssh client.After launching two clients wait for a sometime
without issuing the password so it exceeds the grace period for login.when
syslog.log is examined the connection seems to be closed.But when the
command

#netstat -an|grep 22

is given the connection seems to be still established giving provision for
the third client to connect to the server. As this behaviour continues the
number of users whom can be connected get reduced because of these
connections still being established. (ie  MaxStartups - set as 3).

In syslog.log:

Jan 27 03:49:58 kanishka sshd[7056]: fatal: Timeout before authentication
for 127.0.0.1
Jan 27 03:49:59 kanishka sshd[7075]: invalid module type: configuration

Example of netstat -an|grep 22:
tcp    0     0  127.0.0.1.22           127.0.0.1.58651 ESTABLISHED
tcp    0     0  127.0.0.1.22           127.0.0.1.58647 ESTABLISHED
tcp    0     0  127.0.0.1.58651        127.0.0.1.22  ESTABLISHED
tcp    0     0  127.0.0.1.58647        127.0.0.1.22 ESTABLISHED
tcp    0     0  *.22                   *.*                     LISTEN
tcp    0     0  127.0.0.1.58649        127.0.0.1.22 ESTABLISHED
tcp    0     0  127.0.0.1.22           127.0.0.1.58649 ESTABLISHED

So, further connections always give, "ssh_exchange_identification:
Connection closed by remote host" and closed.

Source code of OpenSSH shows that SSH uses alarm/SIGALRM to implement the
LoginGraceTime. When using priviledged separation, the priviledged process
receives the alarm signal and exits when the time expires. However, the
non-priveledged sshd process remains connected until the client sends some
data or the client disconnects.  Without priviledged separation, the sshd
process receives the alarm signal and exits. No other processes remain.

Any help to fix this problem?

Advance Thanks,
Kumaresh.



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.561 / Virus Database: 353 - Release Date: 1/13/2004




More information about the openssh-unix-dev mailing list