Parece ser um bug conhecido do openssh no linux alpino.
O servidor ansible openssh trava com 100% cpu, quando a compactação é solicitada ( ssh -C
)
ssh -vvv -C root@host
[...]
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
Authenticated to host
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting [email protected]
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: proc
Então o cliente trava (não reage mais a ctrl-c) e o servidor tem um processo com 100% cpu (mas aceita novas conexões ssh).
strace no cliente termina com:
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, SNDCTL_TMR_STOP or TCSETSW, {B38400 -opost -isig -icanon -echo ...}) = 0
ioctl(0, TCGETS, {B38400 -opost -isig -icanon -echo ...}) = 0
clock_gettime(CLOCK_BOOTTIME, {tv_sec=337152, tv_nsec=214378998}) = 0
clock_gettime(CLOCK_BOOTTIME, {tv_sec=337152, tv_nsec=214391217}) = 0
select(9, [5], [4], NULL, {tv_sec=300, tv_usec=0}) = 1 (out [4], left {tv_sec=299, tv_usec=999998})
clock_gettime(CLOCK_BOOTTIME, {tv_sec=337152, tv_nsec=214421550}) = 0
write(4, "2rv070G7T421aE734>47&Process 257 attached
select(7, [3 4], NULL, NULL, NULL) = 1 (in [3])
accept(3, {sa_family=AF_INET, sin_port=htons(43604), sin_addr=inet_addr("192.168.100.1")}, [16]) = 5
fcntl(5, F_GETFL) = 0x2 (flags O_RDWR)
pipe([6, 7]) = 0
socketpair(PF_LOCAL, SOCK_STREAM, 0, [8, 9]) = 0
rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
fork() = 821
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
close(7) = 0
write(8, "ssh -vvv -C root@host
[...]
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
Authenticated to host
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting [email protected]
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: proc
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, SNDCTL_TMR_STOP or TCSETSW, {B38400 -opost -isig -icanon -echo ...}) = 0
ioctl(0, TCGETS, {B38400 -opost -isig -icanon -echo ...}) = 0
clock_gettime(CLOCK_BOOTTIME, {tv_sec=337152, tv_nsec=214378998}) = 0
clock_gettime(CLOCK_BOOTTIME, {tv_sec=337152, tv_nsec=214391217}) = 0
select(9, [5], [4], NULL, {tv_sec=300, tv_usec=0}) = 1 (out [4], left {tv_sec=299, tv_usec=999998})
clock_gettime(CLOCK_BOOTTIME, {tv_sec=337152, tv_nsec=214421550}) = 0
write(4, "2rv070G7T421aE734>47&Process 257 attached
select(7, [3 4], NULL, NULL, NULL) = 1 (in [3])
accept(3, {sa_family=AF_INET, sin_port=htons(43604), sin_addr=inet_addr("192.168.100.1")}, [16]) = 5
fcntl(5, F_GETFL) = 0x2 (flags O_RDWR)
pipe([6, 7]) = 0
socketpair(PF_LOCAL, SOCK_STREAM, 0, [8, 9]) = 0
rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
fork() = 821
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
close(7) = 0
write(8, "%pre%%pre%%pre%6%pre%", 5) = 5
write(8, "%pre%%pre%%pre%5\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"..., 245) = 245
close(8) = 0
close(9) = 0
close(5) = 0
getpid() = 257
getpid() = 257
getpid() = 257
select(7, [3 4 6], NULL, NULL, NULL) = 1 (in [6])
close(6) = 0
select(7, [3 4], NULL, NULL, NULL
#g15U5"..., 112) = 112
clock_gettime(CLOCK_BOOTTIME, {tv_sec=337152, tv_nsec=214447208}) = 0
clock_gettime(CLOCK_BOOTTIME, {tv_sec=337152, tv_nsec=214457769}) = 0
select(9, [5], [], NULL, {tv_sec=300, tv_usec=0}
%pre%6%pre%", 5) = 5
write(8, "%pre%%pre%%pre%5\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"..., 245) = 245
close(8) = 0
close(9) = 0
close(5) = 0
getpid() = 257
getpid() = 257
getpid() = 257
select(7, [3 4 6], NULL, NULL, NULL) = 1 (in [6])
close(6) = 0
select(7, [3 4], NULL, NULL, NULL
#g15U5"..., 112) = 112
clock_gettime(CLOCK_BOOTTIME, {tv_sec=337152, tv_nsec=214447208}) = 0
clock_gettime(CLOCK_BOOTTIME, {tv_sec=337152, tv_nsec=214457769}) = 0
select(9, [5], [], NULL, {tv_sec=300, tv_usec=0}
Strace no servidor:
uma vez que o processo trava, anexar com strace -p
ao processo de suspensão não mostra mais nada.
Anexando ao processo principal mostra na conexão:
Depois disso, nenhuma saída adicional até a próxima conexão (suspensa), que retorna a mesma saída.
Parece ser um bug conhecido do openssh no linux alpino.