[Bug 1564451] Re: User processes are counted towards systemd limit for sshd processes
Seth Arnold
1564451 at bugs.launchpad.net
Thu Mar 31 22:50:22 UTC 2016
I'm having trouble reproducing this. I started a few thousand /bin/sleep
commands and was able to log in via ssh as another user; the error
message when logging in again as my normal user account showed an error
message that looked appropriate.
In one ssh:
sarnold at sec-xenial-amd64:~$ for i in `seq 1 6000` ; do /bin/sleep 10 & done
...
[15813] 24043
[15814] 24044
[15815] 24045
-bash: fork: retry: Resource temporarily unavailable
-bash: fork: retry: Resource temporarily unavailable
In another terminal:
$ ssh -oControlPath=none root at sec-xenial-amd64
Welcome to Ubuntu Xenial Xerus (development branch) (GNU/Linux 4.4.0-16-generic x86_64)
* Documentation: https://help.ubuntu.com/
0 packages can be updated.
0 updates are security updates.
Last login: Thu Mar 31 15:42:23 2016 from 192.168.122.1
root at sec-xenial-amd64:~#
$ ssh -oControlPath=none sec-xenial-amd64
shell request failed on channel 0
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1564451
Title:
User processes are counted towards systemd limit for sshd processes
Status in openssh package in Ubuntu:
New
Bug description:
When running Xenial, user processes are counted towards the limit for
the ssh.service, with a limit of 512. So if I login as a normal user
via ssh and start 512 processes, nobody will be able to login any more
and even all other users currently logged in will not be able to start
any new tasks. I'm not certain whether this behaviour is by design,
but to me it looks like a critical DOS possibility, so tagging as
security bug.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1564451/+subscriptions
More information about the foundations-bugs
mailing list