From: robert on
Hi all,

sshd is pulling 100% CPU as shown by this top output on a quad
processor box running CentOS 5 and kernel 2.6.18:

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4942 root 25 0 105m 5280 4004 R 100 0.3 3816:29 sshd
10338 root 25 0 100m 1940 860 R 100 0.1 1104:27 sshd

netstat shows:

/root> netstat -np | grep CLOSE | grep 389
....
tcp 23 0 192.168.2.95:32771 192.168.2.96:389 CLOSE_WAIT 4942/sshd: dhuff
tcp 23 0 192.168.2.95:32770 192.168.2.96:389 CLOSE_WAIT 4942/sshd: dhuff
tcp 137 0 192.168.2.95:32772 192.168.2.96:389 CLOSE_WAIT 4942/sshd: dhuff
tcp 1 0 192.168.2.95:60974 192.168.2.96:389 CLOSE_WAIT 4942/sshd: dhuff
tcp 1 0 192.168.2.95:56913 192.168.2.96:389 CLOSE_WAIT 2760/winbindd
tcp 1 0 192.168.2.95:54630 192.168.2.96:389 CLOSE_WAIT 10336/sshd: rlazars
tcp 24 0 192.168.2.95:54673 192.168.2.96:389 CLOSE_WAIT 10338/sshd: rlazars
tcp 1 0 192.168.2.95:51635 192.168.2.96:389 CLOSE_WAIT 2406/dbus-daemon
tcp 1 0 192.168.2.95:51618 192.168.2.96:389 CLOSE_WAIT 2742/smbd
tcp 1 0 192.168.2.95:51608 192.168.2.96:389 CLOSE_WAIT 2623/ntpd
tcp 1 0 192.168.2.95:49781 192.168.2.96:389 CLOSE_WAIT 2861/winbindd
tcp 1 0 192.168.2.95:51020 192.168.2.96:389 CLOSE_WAIT 2760/winbindd

192.168.2.96:389 is actually a Windows box running Active Directory.
The admin of these machines is aware of the problem, but wants me to
fix it since it could be client applications causing the problem. The
info I got is "SSHD has to open an LDAP session to authenticate with
active directory." CLOSE_WAIT, as I understand it, happens when the
remote side has closed the connection, but the local socket hasn't
performed the final read. The ssh connections are initiated via CVS,
and since I see CLOSE_WAIT on things like ntp, I'm not certain at
all it's an sshd problem. Any ideas on how to find the cause of the
problem?

Thanks,
Robert
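
One way to tabulate the netstat output above per process, so it is clear which PIDs and which binaries hold CLOSE_WAIT sockets to port 389 and how many unread bytes (Recv-Q) sit on them. This is an added example, not part of the original post; SAMPLE is the post's own output with the mail line-wrapping undone, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# netstat -np lines from the post, one socket per line (wrapping undone).
SAMPLE = """\
tcp 23 0 192.168.2.95:32771 192.168.2.96:389 CLOSE_WAIT 4942/sshd: dhuff
tcp 23 0 192.168.2.95:32770 192.168.2.96:389 CLOSE_WAIT 4942/sshd: dhuff
tcp 137 0 192.168.2.95:32772 192.168.2.96:389 CLOSE_WAIT 4942/sshd: dhuff
tcp 1 0 192.168.2.95:60974 192.168.2.96:389 CLOSE_WAIT 4942/sshd: dhuff
tcp 1 0 192.168.2.95:56913 192.168.2.96:389 CLOSE_WAIT 2760/winbindd
tcp 1 0 192.168.2.95:54630 192.168.2.96:389 CLOSE_WAIT 10336/sshd: rlazars
tcp 24 0 192.168.2.95:54673 192.168.2.96:389 CLOSE_WAIT 10338/sshd: rlazars
tcp 1 0 192.168.2.95:51635 192.168.2.96:389 CLOSE_WAIT 2406/dbus-daemon
tcp 1 0 192.168.2.95:51618 192.168.2.96:389 CLOSE_WAIT 2742/smbd
tcp 1 0 192.168.2.95:51608 192.168.2.96:389 CLOSE_WAIT 2623/ntpd
tcp 1 0 192.168.2.95:49781 192.168.2.96:389 CLOSE_WAIT 2861/winbindd
tcp 1 0 192.168.2.95:51020 192.168.2.96:389 CLOSE_WAIT 2760/winbindd
"""

# Proto Recv-Q Send-Q Local Foreign State PID/Program (program may contain spaces)
LINE = re.compile(
    r"^tcp\S*\s+(?P<recvq>\d+)\s+(?P<sendq>\d+)\s+(?P<local>\S+)\s+"
    r"(?P<remote>\S+)\s+(?P<state>[A-Z_0-9]+)\s+(?P<pid>\d+)/(?P<prog>.+?)\s*$"
)

def close_wait_by_process(text, remote_port=389):
    """Return {(pid, program): {"sockets": n, "recv_q": unread bytes}}."""
    out = defaultdict(lambda: {"sockets": 0, "recv_q": 0})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["state"] != "CLOSE_WAIT":
            continue  # header, elided or non-CLOSE_WAIT line
        if m["remote"].rsplit(":", 1)[-1] != str(remote_port):
            continue  # different remote service
        key = (int(m["pid"]), m["prog"])
        out[key]["sockets"] += 1
        out[key]["recv_q"] += int(m["recvq"])
    return dict(out)

def programs(stats):
    """Distinct binary names (text before ':' in names like 'sshd: dhuff')."""
    return sorted({prog.split(":")[0] for _, prog in stats})

if __name__ == "__main__":
    stats = close_wait_by_process(SAMPLE)
    for (pid, prog), s in sorted(stats.items(), key=lambda kv: -kv[1]["sockets"]):
        print(f"{pid:>6} {prog:<16} sockets={s['sockets']} recv_q={s['recv_q']}")
    print("binaries with CLOSE_WAIT to :389:", ", ".join(programs(stats)))
```

On a live host the same functions can be fed the text of `netstat -np` captured as root, so that the PID/Program column is filled in for every socket.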