groups issue with openssh (all versions since at least 3.8), AIX 5.3 and NIS
Gael Martinez
gael at magicnet.org
Tue Mar 14 12:47:37 EST 2006
Hello
We are have a massive performance issue in our environment since a while. SSH logins simply take 30 s to 1 minute to give a
prompt, telnet are instantaneous. After doing a few tcpdump and comparisons between telnet and ssh connections, we noticed
that in average a ssh connection is generating over 12000 nis sessions, scanning basically all the group.byname table a few
times and we got a few thousands groups... :(
I was wondering if it could be the same issue that we saw with DB2 which behaves the exact same way each time a user logs
in...they were using the wrong function to determine the groups associated to one user
http://www-1.ibm.com/support/docview.wss?uid=swg1IY44229
As we got over a thousand AIX machines running my build of openssh in a very large environment, this is causing a real overall
performance issue with our nis environment ...
Details about the current test build:
apsp8111:/gael/src/openssh-4.3p2 #oslevel -r
5300-03
bash-2.05a$ gcc -v
Reading specs from /opt/gcc/gcc-3.2.2/lib/gcc-lib/powerpc-ibm-aix5.1.0.0/3.3.2/specs
Configured with: ./configure --prefix=/opt/gcc/gcc-3.2.2 --enable-languages=c,c++
Thread model: aix
gcc version 3.3.2
apsp8111:/gael/src/openssh-4.3p2 #/usr/local/ssl/bin/openssl version
OpenSSL 0.9.7i 14 Oct 2005
apsp8111:/gael/src/openssh-4.3p2 #./ssh -v
OpenSSH_4.3p2, OpenSSL 0.9.7i 14 Oct 2005
$ ./configure --without-rsh --disable-suid-ssh --sysconfdir=/etc/ssh --with-mantype=man --libexecdir=/usr/local/sbin
--with-pid-di
r=/etc/ssh --with-zlib=../zlib-1.2.3 --with-default-path=/bin:/usr/bin:/usr/local/bin
Let me know, I will assist as much as possible, this is really a big issue for us, and I'm not able to determine if that issue
can be resolved with a patch to openssh
or at the OS level.
Regards
--
Gael
More information about the openssh-unix-dev
mailing list