OpenSSH and syslog

Hello.

Today I found an interesting problem related to OpenSSH. If you open more connections to /dev/log than your current logger can handle, you can’t log in remotely using SSH, which is blocked waiting for access to /dev/log.

To reproduce this problem I used CentOS 6 and 7 with the following script:

#!/bin/bash
# Start 500 background loggers, each writing to /dev/log continuously
for i in {1..500}; do
  (yes | logger) &
done

For CentOS 6, 50 is enough to cause rsyslog to stop accepting connections. It’s a known limitation described here:
http://www.rsyslog.com/doc/v8-stable/configuration/modules/imuxsock.html

For CentOS 7, the limit is around 450. I believe it is for the same reason (but with systems this time), but I did not check.

I am not sure if this is a problem or a feature. I guess under some circumstances it would be appropriate to deny access if you can’t record it. On the other hand, it makes it too difficult to access cloud systems which are under stress.

I would like to hear your thoughts about how we should handle this issue. Some form of asynchronous logging comes to mind, or maybe a timeout and a configuration option to make it non-fatal.

Best Regards.
Pablo Castellazzi.


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
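
The timeout idea raised in the message above, as an added example that is not part of the original post and is not OpenSSH or rsyslog code: a log write that waits a bounded time and reports a drop instead of blocking. The function names, the sample log line and the socketpair used as a stand-in for a saturated /dev/log are assumptions made for illustration.

```c
/* Added example (not OpenSSH code): a log write that waits a bounded time. */
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define SAMPLE_MSG "<38>sshd[1234]: constructed sample log line"

/* Send msg on a connected datagram log socket without blocking forever.
 * Returns 1 if sent, 0 if dropped (receiver made no room within
 * timeout_ms, or poll failed), -1 on any other send error. */
int log_send_bounded(int fd, const char *msg, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLOUT };
    int attempt;

    for (attempt = 0; attempt < 2; attempt++) {
        if (send(fd, msg, strlen(msg), MSG_DONTWAIT | MSG_NOSIGNAL) >= 0)
            return 1;
        if (errno != EAGAIN && errno != EWOULDBLOCK)
            return -1;
        /* Queue full: wait once, bounded, then retry a single time. */
        if (attempt == 0 && poll(&p, 1, timeout_ms) <= 0)
            return 0;
    }
    return 0;
}

/* Hypothetical stand-in for a saturated logger: a socketpair whose reading
 * end (sv[1]) is never drained, filled until the kernel refuses more. */
int make_stalled_log_socket(int sv[2])
{
    int i;

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -1;
    for (i = 0; i < 100000; i++)
        if (send(sv[0], SAMPLE_MSG, strlen(SAMPLE_MSG), MSG_DONTWAIT) < 0)
            return (errno == EAGAIN || errno == EWOULDBLOCK) ? 0 : -1;
    return -1; /* the queue never filled up */
}

int main(void)
{
    int sv[2];

    if (make_stalled_log_socket(sv) < 0)
        return 1;
    printf("stalled logger: %d\n", log_send_bounded(sv[0], SAMPLE_MSG, 200));
    return 0;
}
```

Whether a dropped record should be tolerated or should deny the login is the policy question the message raises; the return value leaves that decision to the caller.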
