Why does ssh try to run df, netstat, arp ...?

Robbie Stone robbie at serendipity.palo-alto.ca.us
Mon Nov 20 20:04:06 EST 2000


Andrew Stribblehill wrote:
YES!!!!!

I am running OpenSSH under Ultrix and lemme tell ya, that half this shit
we take for granite on a modern Unix system is non-existant. It's not
cool to re-link your kernel every time you change your root device for
example.

This solved major problems with random data (/dev/random under Ultrix,
yeah right!)

Robbie

> 
> Quoting Nico De Ranter <nico at sonycom.com>:
> > Howdy,
> >
> > I recently had a problem with one of our servers (crashed due to power
> > failure :-). While this shouldn't have been a problem for most
> > of the workstations and servers on the network I noticed that I
> > wasn't able to use ssh anymore. Ssh would simply hang during the connection.
> > rsh and telnet however were able to connect without problem so there
> > was no problem with the destination or the environment of the user.
> > I noticed that for some strange reason ssh tries to run arp, netstat and df
> > during the connection (I can understand the use of arp and netstat but why on
> > earth df).  Unfortunately df blocks when it tries to measure the size
> > of a filesystem which is mounted (e.g. by automount) but unavailable (since
> > the server crashed) I guess this is the reason why the ssh connection
> > failed. Ofcourse having my whole network unreachable by ssh just because
> > one server goes down is totaly unacceptable (I might as well start using
> > Windows). How can I turn this behaviour off or can anybody give me a
> > really really good reason why ssh would need df?
> 
> ssh and sshd need to get some randomness into their system
> somehow. For machines with a /dev/random, this is easy. However,
> the way ssh gets round it with less pleasant systems, is that it
> runs a set of commands whose output varies, hopefully from one
> execution to the next.
> 
> You can find the file containing these commands in
> /etc/ssh_prng_commands. Simply remove the offending lines.
> 
> Cheerio,
> 
> Andrew Stribblehill
> Systems programmer, IT Service, University of Durham, England

--
Robbie Stone
Serendipity Simplex





More information about the openssh-unix-dev mailing list