[Bug 2576] New: ssh-agent enters busy loop when running out of fds

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Mon May 30 21:37:38 AEST 2016 

https://bugzilla.mindrot.org/show_bug.cgi?id=2576

            Bug ID: 2576
           Summary: ssh-agent enters busy loop when running out of fds
           Product: Portable OpenSSH
           Version: 7.2p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ssh-agent
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

>  Lennart Poettering 2016-05-04 18:28:09 CEST

ssh-agent starts eating 100% if it gets bombarded by connections, and
runs out of file descriptors to use. Looking at strace, it starts to
cycle in a select() loop, where the listening AF_UNIX socket is
reported active, which makes ssh-agent invoke accept() which will then
fail with EMFILE. It will then immediately invoke select() again, and
be in a busy loop from then on.

I figure ssh-agent should enforce a limit on concurrent connections
(that is much lower than RLIMIT_NOFILE) and quickly terminate further
incoming connections when that limit is hit. Most internet software
handles this that way, and I figure ssh-agent should do that too for
incoming local clients.

I noticed that while creating a ton of ssh connections to my local
system in a tight loop, which uses the ssh keyring.

(When ssh-agent is in this mode, and you start further ssh instances
with the & suffix in a shell (to make it background), then they will
also enter a busy loop handling of SIGTTOU. I don't have further
details about this, though, was too lazy to figure out what is really
going on there).

>  Jakub Jelen 2016-05-26 17:01:26 CEST 

I was trying to burn my virtual box with a lot of requests to ssh-agent
but only with partial success. But the behavior you explain sounds
possible.

My test case:

  eval `ulimit -n 10; ssh-agent`
  ssh-add rsa
  cat rsa.pub >> .ssh/authorized_keys
  for i in `seq 1 128`; do ssh localhost id & done
  ls /proc/$SSH_AGENT_PID/fd/ | wc -w

and I am left with few cycling ssh processes in some cases, or with the
ssh-agent live-locked.

-----------------------------------------------------------------------------

Copy from RHBZ#1333105 [1]. I can hack this somehow, but upstream fix
with proper evaluation would make more sense, if it is considered as an
issue.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1333105

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list