[Bug 1564451] Re: User processes are counted towards systemd limit for sshd processes

Dr. Jens Rosenboom j.rosenboom at x-ion.de
Fri Apr 1 07:49:33 UTC 2016 

Hmm, on a cloud instance this looks different, even when logged in
multiple time, the output only shows the master process:

# systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2016-04-01 06:00:11 UTC; 1h 44min ago
 Main PID: 971 (sshd)
    Tasks: 1 (limit: 512)
   Memory: 5.3M
      CPU: 169ms
   CGroup: /system.slice/ssh.service
           └─971 /usr/sbin/sshd -D

Package versions are identical in both systems:

root at jr-xeni1:~# apt-cache policy systemd
systemd:
  Installed: 229-3ubuntu1
  Candidate: 229-3ubuntu1
  Version table:
 *** 229-3ubuntu1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        100 /var/lib/dpkg/status
root at jr-xeni1:~# apt-cache policy openssh-server
openssh-server:
  Installed: 1:7.2p2-2
  Candidate: 1:7.2p2-2
  Version table:
 *** 1:7.2p2-2 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        100 /var/lib/dpkg/status

So I'm wondering what else could be causing the different behaviour
here.


** Also affects: systemd
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1564451

Title:
  User processes are counted towards systemd limit for sshd processes

Status in systemd:
  New
Status in openssh package in Ubuntu:
  New

Bug description:
  When running Xenial, user processes are counted towards the limit for
  the ssh.service, with a limit of 512. So if I login as a normal user
  via ssh and start 512 processes, nobody will be able to login any more
  and even all other users currently logged in will not be able to start
  any new tasks. I'm not certain whether this behaviour is by design,
  but to me it looks like a critical DOS possibility, so tagging as
  security bug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1564451/+subscriptions

More information about the foundations-bugs mailing list