Hello.

Today I found an interesting problem related to OpenSSH. If you open more connections to /dev/log than your current logger can handle, you can't log in remotely using SSH, which is blocked waiting for access to /dev/log.

To reproduce this problem I used CentOS 6 and 7 with the following script:

    #!/bin/bash
    # Start 500 background writers that each flood /dev/log through logger.
    for i in {1..500}; do
        (yes | logger) &
    done

For CentOS 6, 50 is enough to cause rsyslog to stop accepting connections. It's a known limitation described here:

http://www.rsyslog.com/doc/v8-stable/configuration/modules/imuxsock.html

For CentOS 7, the limit is around 450. I believe it is for the same reason (but with systemd this time), but I did not check.

I am not sure if this is a problem or a feature. I guess under some circumstances it would be appropriate to deny access if you can't record it. On the other hand, it makes it too difficult to access cloud systems which are under stress.

I would like to hear your thoughts about how we should handle this issue. Some form of asynchronous logging comes to mind, or maybe a timeout and a configuration option to make it non-fatal.

Best Regards.
Pablo Castellazzi.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
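The "timeout and a configuration option to make it non-fatal" idea from the message above, sketched as an added example that is not part of the original post and is not OpenSSH or rsyslog code. The helper names, the 50 ms timeout and the socketpair standing in for /dev/log are assumptions; the behaviour shown is that of Linux AF_UNIX datagram sockets.

```c
/* Added example, not OpenSSH or rsyslog code; helper names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>
enum log_result { LOG_SENT = 0, LOG_DROPPED = 1, LOG_ERROR = -1 };

/* Cap how long any send on this log socket may block. */
int log_set_timeout(int fd, long millis)
{
    struct timeval tv = { .tv_sec = millis / 1000, .tv_usec = (millis % 1000) * 1000 };
    return setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
}

/* Send one record; a saturated receiver gives LOG_DROPPED after the timeout
 * (counted in *dropped) instead of blocking the caller indefinitely. */
enum log_result log_send(int fd, const char *msg, unsigned long *dropped)
{
    ssize_t n;
    do {
        n = send(fd, msg, strlen(msg), MSG_NOSIGNAL);
    } while (n < 0 && errno == EINTR);
    if (n >= 0) return LOG_SENT;
    if (errno != EAGAIN && errno != EWOULDBLOCK && errno != ENOBUFS)
        return LOG_ERROR;
    (*dropped)++;               /* keep a count so the loss can be reported */
    return LOG_DROPPED;
}

/* Constructed demo: a socketpair stands in for /dev/log with a reader that
 * never drains. Returns how many records were accepted before the first drop. */
int demo_saturated_logger(unsigned long *dropped)
{
    int sv[2], sent = 0;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0 || log_set_timeout(sv[0], 50) < 0)
        return -1;
    while (sent < 1000000 && log_send(sv[0], "<38>sshd: constructed record", dropped) == LOG_SENT)
        sent++;
    close(sv[0]); close(sv[1]);
    return sent;
}

int main(void)
{
    unsigned long dropped = 0;
    int sent = demo_saturated_logger(&dropped);
    return printf("accepted %d, dropped %lu\n", sent, dropped) < 0;
}
```

Whether a dropped record may be non-fatal is the policy question the message raises: a caller that must not proceed without an audit record would treat LOG_DROPPED as a failure rather than continue.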