HPE Community
Operating System - HP-UX
1760029 Members
2564 Online
108889 Solutions
New Discussion юеВ

stuck ssh daemons owned by unknown on 11.23 system

 
SOLVED
Go to solution
EJ Stremler
Frequent Advisor

тАО10-18-2007 02:55 AM

тАО10-18-2007 02:55 AM

stuck ssh daemons owned by unknown on 11.23 system

For some reason there are ssh daemons that stay around, probably after an ungraceful killed session.. If there are too many of them, you cannot ssh into the system,..A workaround is to kill the sshds owned by unknown.. Does anyone know what might be causing this? and how to get this resolved? This seems to be happening only on systems that are running HP-UX 11.23.
systema:/root >ps -ef | grep ssh
root 1101 1 0 Aug 6 ? 0:05 /opt/ssh/sbin/sshd
sshd 5550 5548 0 23:36:22 ? 0:00
root 526 318 1 09:44:39 pts/ta 0:00 grep ssh
root 5544 1101 0 23:36:22 ? 0:00 sshd: unknown [priv]
root 5561 1101 0 23:36:23 ? 0:00 sshd: unknown [priv]
sshd 5489 5488 5 23:36:12 ? 0:00
root 5548 1101 0 23:36:22 ? 0:00 sshd: unknown [priv]
sshd 5524 5523 1 23:36:17 ? 0:00
sshd 5562 5561 1 23:36:23 ? 0:00
sshd 5545 5544 2 23:36:22 ? 0:00
root 5488 1101 0 23:36:12 ? 0:00 sshd: unknown [priv]
root 5523 1101 0 23:36:17 ? 0:00 sshd: unknown [priv]
0 Kudos
2 REPLIES 2
Steven E. Protter
Exalted Contributor

тАО10-18-2007 03:15 AM

тАО10-18-2007 03:15 AM

Solution

Re: stuck ssh daemons owned by unknown on 11.23 system

Shalom,

Check /var/adm/syslog/syslog.log

I believe it is an ungraceful shutdown.

Two things to check.

The user ssh client

Version of secure shell (sshd) on the server.

swlist -l product | grep -i secure

You may wish to update. No reboot required. Get the latest version from http://software.hp.com search for secure shell

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
EJ Stremler
Frequent Advisor

тАО10-18-2007 05:44 AM

тАО10-18-2007 05:44 AM

Re: stuck ssh daemons owned by unknown on 11.23 system

Yes we found the culprit in /var/adm/syslog/syslog.log file. It was a penetration script which is run by our security team that uses ssh. The times of the ps -ef and syslog.log entries reflect the same thing on several of our systems. And also, I think it is a good idea for us to get a hold of a newer version of ssh and install it.. Thank you for the link, and thanks for all your help...Ed
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.