1 (edited by FRiFt 2013-04-22 08:40:31)

Topic: MySecureShell @ 100% cpu

Hello everyone,

Debian 6.0.7 and MySecureShell installed from the deb-repository.

today i encountered a problem with our SFTP server, cpu was at 100% and wont go down anymore.
I can reproduce the behaviour, when i connect through WinSCP and try to "break out" with a command, i cant access the server but the process MySecureShell jumps to 100% and stays there. Only way to recover is to kill the process.
i did a strace on it for you, it wont end so i just copy/pasted about 340 lines:

http://pastebin.com/y4C2bgaX

Re: MySecureShell @ 100% cpu

Hi,

Your link is down... can you post-it please? smile

Re: MySecureShell @ 100% cpu

Hello,

i updated the link!

Re: MySecureShell @ 100% cpu

Hi,

Thank you, but i don't have enough information (and i'm not familiar with strace).

How you "break you" in WinSCP (and with which version) ?
I want to reproduce the problem on my pc smile

Re: MySecureShell @ 100% cpu

Hi Teka,

its WinSCP 5.1.4.
---> Connect to your SFTP
---> under Options enable Command Line
---> type anything into the commandline on the bottom and say ok
---> enter password and nothing happens in WinSCP
---> Process MySecureShell on Debian SFTP-Server is at 100% CPU

thanks for looking into it.

Re: MySecureShell @ 100% cpu

Hi,

It's works for me...

Can you show the configuration file of MySecureShell ?
Maybe we don't have same configuration smile


Debian 32bit or 64bit ?

Re: MySecureShell @ 100% cpu

<Default>
        GlobalDownload                 0
        GlobalUpload                   0
        Download                       0
        Upload                         0
        StayAtHome                     true
        VirtualChroot                  true
        LimitConnection                100
        LimitConnectionByUser          10
        LimitConnectionByIP            10
        Home                           /home/SFTP/$USER
        IdleTimeOut                    15m
        ResolveIP                      false
        IgnoreHidden                   true
        DirFakeUser                    false
        DirFakeGroup                   false
        DirFakeMode                    0770
        HideNoAccess                   true
        DefaultRights                  0770 0770
        ShowLinksAsLinks               true
        CreateHome                     true
        CanChangeRights                false
        DisableSetAttribute            true
        Shell                          /bin/MySecureShell
</Default>
and then there are a couple of groups where only the home directory is specified.

its debian 64bit. i use certificate based auth and every other auth option is disabled.

Re: MySecureShell @ 100% cpu

Hi,

Ok your problem is simple: you can specify shell to "/bin/MySecureShell".

MySecureShell only provide access to sftp. If you want to have shell access too, you have to set the shell to "/bin/bash" (or other).

Re: MySecureShell @ 100% cpu

i dont understand? i want my users to ONLY have sftp access yes, but i dont want the MySecureProcess to jump to 100% when someone tries something stupid...

Re: MySecureShell @ 100% cpu

So if you want to use only sftp access for your user don't specifity Shell to "/bin/MySecureShell" in your configuration "/etc/ssh/sftp_config" wink

I've made a fix for this case smile