Hi all,
sshd is pulling 100% cpu as shown by this top output on a quad
processor box running centos 5 and kernel 2.6.18 :
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4942 root 25 0 105m 5280 4004 R 100 0.3 3816:29 sshd
10338 root 25 0 100m 1940 860 R 100 0.1 1104:27 sshd
netstat shows:
/root> netstat -np | grep CLOSE | grep 389
....
tcp 23 0 192.168.2.95:32771
192.168.2.96:389 CLOSE_WAIT 4942/sshd: dhuff
tcp 23 0 192.168.2.95:32770
192.168.2.96:389 CLOSE_WAIT 4942/sshd: dhuff
tcp 137 0 192.168.2.95:32772
192.168.2.96:389 CLOSE_WAIT 4942/sshd: dhuff
tcp 1 0 192.168.2.95:60974
192.168.2.96:389 CLOSE_WAIT 4942/sshd: dhuff
tcp 1 0 192.168.2.95:56913
192.168.2.96:389 CLOSE_WAIT 2760/winbindd
tcp 1 0 192.168.2.95:54630
192.168.2.96:389 CLOSE_WAIT 10336/sshd: rlazars
tcp 24 0 192.168.2.95:54673
192.168.2.96:389 CLOSE_WAIT 10338/sshd: rlazars
tcp 1 0 192.168.2.95:51635
192.168.2.96:389 CLOSE_WAIT 2406/dbus-daemon
tcp 1 0 192.168.2.95:51618
192.168.2.96:389 CLOSE_WAIT 2742/smbd
tcp 1 0 192.168.2.95:51608
192.168.2.96:389 CLOSE_WAIT 2623/ntpd
tcp 1 0 192.168.2.95:49781
192.168.2.96:389 CLOSE_WAIT 2861/winbindd
tcp 1 0 192.168.2.95:51020
192.168.2.96:389 CLOSE_WAIT 2760/winbindd
192.168.2.96:389 is actually a windows box running active directory.
The admin of these machines is aware of the problem, but wants me to
fix it since it could be client applications causing the problem. The
info I got is "SSHD has to open an LDAP session to authenticate with
active directory." CLOSE_WAIT as I understand it happens when the
remote side has closed the connection, but the local socket hasn't
performed the final read. The ssh connections are initiated via CVS,
and I since I see CLOSE_WAIT on things like ntp, I'm not certain at
all its an sshd problem. Any ideas on how to find the cause of the
problem?
Thanks,
Robert
|
Similar Threads
Linear Mode
