Operating Systems Linux Reserv memory for uid 0 / sshd+shell Post 302577992 by Corona688 on Wednesday 30th of November 2011 12:24:05 PM
Old 11-30-2011
I've thought about this before, and it's tricky...

For starters I've often believed things like libc, libssl, libpam, and so on ought to be kept in memory to improve reaction times under idle or high-load conditions. "Not recently used" doesn't understand how some rarely-used things are important, and I'd certainly be willing to trade .1% of my disk cache to guarantee that sshd can respond instantly in ideal conditions and work at all in worst-case ones.

The "sticky bit", set on shared libraries, used to be used for something quite close to this -- it would keep the executable in swap even when unloaded. But it's fallen into disuse, and Linux doesn't honor it at all.

Even a user application can map in a file and mlock() at least some RAM, though, so you'd hope it'd be an easy enough fix.

Now, the next problem is where is the kernel going to get memory buffers to support another socket? Hopefully it's smart enough to not completely spend its own memory, since that's not something easily changed.

Another problem is process tables. Often there's just not enough memory to run another process, so you log in, run 'kill -9 rameater', and there's not enough memory to run kill. You can do an end-run around this by running 'exec kill -9 rameater' instead, but it's a double-edged sword because it logs you out.

The next problem is the login system. You can lock libpam into memory, but you certainly shouldn't lock in /etc/passwd and /etc/shadow. They might cause some delay logging in.

Ultimately, there may be no perfect fix. This situation is the sort of thing you'd use a hardware watchdog-timer for.

---------- Post updated at 11:24 AM ---------- Previous update was at 11:22 AM ----------

Quote:
Originally Posted by vbe
when completely out of control as you mention ping may even not reply...
Out of curiosity, why would ping not answer? The kernel's still in control even when the system's swapping madly.
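
The mmap-plus-mlock() idea from the post, as an added example that is not part of the original post: a small helper process that maps the files named on its command line and locks their pages so they stay resident in the page cache. The function name `pin_file` is hypothetical, and which files to pass (for example the libraries sshd links against) is left to the administrator.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* pin_file (hypothetical name): map `path` read-only and lock its pages in
 * RAM. Returns 0 and fills *addr / *len, or a negative errno on failure. */
int pin_file(const char *path, void **addr, size_t *len)
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -errno;
    int e = fstat(fd, &st) < 0 ? errno : (st.st_size == 0 ? EINVAL : 0);
    if (e) {                        /* stat failed, or nothing to map */
        close(fd);
        return -e;
    }
    void *p = mmap(NULL, (size_t)st.st_size, PROT_READ, MAP_SHARED, fd, 0);
    e = errno;
    close(fd);                      /* the mapping outlives the descriptor */
    if (p == MAP_FAILED)
        return -e;
    /* mlock() faults every page in and marks it unevictable. An unprivileged
     * caller gets ENOMEM or EPERM when RLIMIT_MEMLOCK is too small. */
    if (mlock(p, (size_t)st.st_size) < 0) {
        e = errno;
        munmap(p, (size_t)st.st_size);
        return -e;
    }
    *addr = p;
    *len = (size_t)st.st_size;
    return 0;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        void *a;
        size_t n;
        int r = pin_file(argv[i], &a, &n);
        if (r)
            fprintf(stderr, "%s: %s\n", argv[i], strerror(-r));
        else
            fprintf(stderr, "%s: locked %zu bytes\n", argv[i], n);
    }
    pause();    /* the locks last only while this process is alive */
    return 0;
}
```

The locks cover only the file pages; as the post notes, kernel socket buffers and room for new processes are separate problems this does not address.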
 

SSH-KEYSIGN(8)            BSD System Manager's Manual            SSH-KEYSIGN(8)

NAME
     ssh-keysign -- ssh helper program for host-based authentication

SYNOPSIS
     ssh-keysign

DESCRIPTION
     ssh-keysign is used by ssh(1) to access the local host keys and generate
     the digital signature required during host-based authentication with SSH
     protocol version 2.

     ssh-keysign is disabled by default and can only be enabled in the global
     client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign
     to ``yes''.

     ssh-keysign is not intended to be invoked by the user, but from ssh(1).
     See ssh(1) and sshd(8) for more information about host-based
     authentication.

FILES
     /etc/ssh/ssh_config
             Controls whether ssh-keysign is enabled.

     /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
             These files contain the private parts of the host keys used to
             generate the digital signature. They should be owned by root,
             readable only by root, and not accessible to others. Since they
             are readable only by root, ssh-keysign must be set-uid root if
             host-based authentication is used.

SEE ALSO
     ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)

HISTORY
     ssh-keysign first appeared in OpenBSD 3.2.

AUTHORS
     Markus Friedl <markus@openbsd.org>

BSD                              May 31, 2007                              BSD