Summary: Socket based activation of sshd can be DOS'd by port scanning
Product: systemd
Reporter: Matthew Cox <matt>
Component: general
Assignee: Lennart Poettering <lennart>
Status: RESOLVED FIXED
Severity: major
Priority: medium
CC: fred
Version: unspecified
Hardware: x86-64 (AMD64)
OS: Linux (All)
Attachments: unit file for sshd socket activation

Created attachment 48838
unit file for sshd socket activation

When using socket-based activation, the errors reported by the sshd instance cause systemd to consider the unit to be failing.

== Syslog ==
2011-07-06T18:19:50-04:00 neptune sudo: matt : TTY=pts/3 ; PWD=/home/matt ; USER=root ; COMMAND=/bin/systemctl start sshd.socket
2011-07-06T18:19:55-04:00 neptune sshd[23044]: Could not write ident string to UNKNOWN
2011-07-06T18:20:01-04:00 neptune sshd[23048]: Could not write ident string to UNKNOWN
2011-07-06T18:20:04-04:00 neptune systemd[1]: sshd.socket failed to queue socket startup job: Transport endpoint is not connected
2011-07-06T18:20:04-04:00 neptune systemd[1]: Unit sshd.socket entered failed state.

== Reproduction ==
Start the sshd.socket unit. Launch two port scans of the localhost:

nmap localhost && nmap localhost

== Expected Result ==
Per-instance errors reported, but sshd.socket unit continues running and system continues to accept ssh connections.

== Observed Result ==
Systemd suspends the socket service and causes the system to stop accepting ssh connections.
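
The failure signature in the syslog excerpt above can be detected from logs alone. The following is an added example, not part of the original report and not systemd code: it flags any socket unit that entered the failed state and counts the aborted sshd handshakes logged on the same host shortly before. The function name, the 60-second window and the ISO-timestamp syslog layout are assumptions; the sample input is the excerpt from the report.

```python
import re
from datetime import datetime, timedelta

# Sample input: the syslog lines quoted in the report above.
SAMPLE_LOG = """\
2011-07-06T18:19:50-04:00 neptune sudo: matt : TTY=pts/3 ; PWD=/home/matt ; USER=root ; COMMAND=/bin/systemctl start sshd.socket
2011-07-06T18:19:55-04:00 neptune sshd[23044]: Could not write ident string to UNKNOWN
2011-07-06T18:20:01-04:00 neptune sshd[23048]: Could not write ident string to UNKNOWN
2011-07-06T18:20:04-04:00 neptune systemd[1]: sshd.socket failed to queue socket startup job: Transport endpoint is not connected
2011-07-06T18:20:04-04:00 neptune systemd[1]: Unit sshd.socket entered failed state.
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^\[:\s]+)(?:\[\d+\])?: (?P<msg>.*)$")
QUEUE_RE = re.compile(r"^(?P<unit>\S+\.socket) failed to queue socket startup job: (?P<reason>.+)$")
FAILED_RE = re.compile(r"^Unit (?P<unit>\S+\.socket) entered failed state\.$")
ABORTED = "Could not write ident string"  # sshd: peer closed before the banner was sent


def find_socket_outages(log_text, window=timedelta(seconds=60)):
    """Return one finding per socket unit that entered the failed state, with the
    number of aborted sshd handshakes logged on that host in the preceding window."""
    aborted = []   # (host, timestamp) of each aborted handshake
    reasons = {}   # (host, unit) -> last "failed to queue" reason from systemd
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a syslog line in the assumed layout
        ts, host, msg = datetime.fromisoformat(m["ts"]), m["host"], m["msg"]
        if m["prog"] == "sshd" and msg.startswith(ABORTED):
            aborted.append((host, ts))
        elif m["prog"] == "systemd":
            if q := QUEUE_RE.match(msg):
                reasons[(host, q["unit"])] = q["reason"]
            elif f := FAILED_RE.match(msg):
                recent = [t for h, t in aborted if h == host and ts - window <= t <= ts]
                findings.append({
                    "host": host,
                    "unit": f["unit"],
                    "failed_at": ts,
                    "reason": reasons.get((host, f["unit"])),
                    "aborted_handshakes": len(recent),
                })
    return findings


if __name__ == "__main__":
    for finding in find_socket_outages(SAMPLE_LOG):
        print(finding)
```

A finding with a non-zero `aborted_handshakes` count means the listener went down right after connections that closed before the SSH banner exchange, which is the pattern this report describes.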