Bug 1452804

Summary: sshd hangs for 1min at: "pledge: exec", with workaround that shouldn't work
Product: [Fedora] Fedora Reporter: John Ellson <john.ellson>
Component: opensshAssignee: Jakub Jelen <jjelen>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: jjelen, john.ellson, mattias.ellert, mgrepl, plautrba, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-06-13 05:56:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description John Ellson 2017-05-19 16:44:04 UTC 
Description of problem:
sshd hangs for 1min at: "pledge: exec"

Searching for this bug yielded: 
   https://unix.stackexchange.com/questions/340309/ssh-7-4-prolonged-pause-at-pledge-network
which looks like the same issue, except that it was fedora25 on a Raspberry Pi.
I'm seeing the issue on edora27 KVM machines (x86_64 and i686.   I'm not seeing the issue of ffedora26 

In that note there was a suggestion to set:  "UseDNS no"

According to /etc/ssh/sshd_config,  this is the commented out value, which I take to mean the deefault.

I uncommented the "UseDNS no" line,  the tried to "systemctl restart sshd"
but that hung.

I then rebooted and now ssh works without delay.
    

Version-Release number of selected component (if applicable):
kernel-4.12.0-0.rc1.git0.1.fc27.x86_64
openssh-7.5p1-2.fc27.x86_64
systemd-233-2.fc27.x86_64

How reproducible:
100%

Steps to Reproduce:
1.(from some other system)   ssh -vvv bld-fedora27
2.
3.

Actual results:
hangs for 1min at: debug1: pledge: exec


Expected results:
no hang

Additional info:

Change "#UseDNS no"  to "UseDNS no"  and rebooting,  works for me so far.
Comment 1 Jakub Jelen 2017-05-31 15:26:17 UTC 
Pledge is not used in Linux. It is an OpenBSD way of limiting processes so it is actually hanging on something else around this. From this report is not even clear if the "hang" is on the server or on the client (for that I would need the debug logs from client and server with timestamps).

UseDNS no is a default so no need to change it. You are also using Fedora rawhide, which might have some bugs below openssh level (glibc, kernel, ...) causing this and the reboot resolved the issue for you.

I am not sure what is the the intention of this bug report or what resolution you expect.
Comment 2 John Ellson 2017-06-12 15:01:47 UTC 
further updates seem to have cleared the problem.  Cannot reproduce now.
Comment 3 John Ellson 2017-06-21 15:57:38 UTC 
Probably a consequence of:
    https://bugzilla.redhat.com/show_bug.cgi?id=1463745