Description of problem: Reference: Bug ID 124310 sshd doesn't update /var/run/utmp when the allocated pty for a remote login is > 999 There is a solution described here: http://archive.netbsd.se/?list=openssh-bugs&a=2004-04&mid=188151 -------------- Subject: [Bug 855] doesn't properly log logout event in utmp entry when pts From: bugzilla-daemon(-at-)mindrot.org Id:<20040428231648.BC0BF27C189.org> Date: Thu, 29 Apr 2004 09:16:48 +1000 (EST) http://bugzilla.mindrot.org/show_bug.cgi?id=855 Summary: doesn't properly log logout event in utmp entry when pts bigger than 999 Product: Portable OpenSSH Version: 3.8p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs ReportedBy: arekm The problem is: syslogin_perform_logout() uses char line[8]; so tty name can have max 7 characters which is not common on recent linux 2.6.5 (and higher) systems which do not use first free pts number (see http://testing.lkml.org/slashdot.php? mid=465538 if you are really interested). Due to that there are bad entries in utmp left like: misiek pts/1049 192.168.2.2 Thu Apr 29 01:11 gone - no logout misiek pts/1046 192.168.2.2 Thu Apr 29 01:05 gone - no logout misiek pts/1045 192.168.2.2 Thu Apr 29 01:05 gone - no logout misiek pts/1044 192.168.2.2 Thu Apr 29 01:04 gone - no logout Patch to fix issue: diff -urN openssh-3.8p1.org/loginrec.c openssh-3.8p1/loginrec.c --- openssh-3.8p1.org/loginrec.c 2004-04-29 01:06:46.350105456 +0200 +++ openssh-3.8p1/loginrec.c 2004-04-29 01:07:37.357351176 +0200 @@ -1354,7 +1354,7 @@ syslogin_perform_logout(struct logininfo *li) { # ifdef HAVE_LOGOUT - char line[8]; + char line[LINFO_LINESIZE]; (void)line_stripname(line, li->line, sizeof(line)); ---------------- Please fix! :) Version-Release number of selected component (if applicable): openssh-3.6.1p2-34 (default with core 2) How reproducible: Always Steps to Reproduce: 1. "login and logout" from a remote machine 999 times. 2. subsequent "login/logout"s generate an error from sshd in /var/log/secure and do not update /var/run/utmp 3. Actual Results: finger shows remote sessions still open. Expected Results: finger should show remote sessions closed. Additional info: Jun 8 16:49:07 lantana sshd[31053]: syslogin_perform_logout: logout() returned an error
As a side comment from the previously referenced bug, if an active openssh session (i.e. gnome-terminal window) is running in X, and X is is killed, /var/run/utmp does not seem to be updated correctly either. Steps to Reproduce: 1. After a fresh login into X using gnome, open a terminal window: elisha: ~> finger Login Name Tty Idle Login Time Office Office Phone kriehn Gregory Kriehn *:0 Jun 9 10:41 kriehn Gregory Kriehn pts/1 Jun 9 10:41 (:0.0) elisha: ~> w 10:43:26 up 2 min, 2 users, load average: 0.86, 0.78, 0.33 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT kriehn :0 - 10:41 ?xdm? 24.67s 0.06s -/bin/tcsh -c / kriehn pts/1 :0.0 10:41 0.00s 0.07s 0.00s w 2. Leave the terminal window open and kill X with Ctrl-Alt-Backspace. 3. Next, log back into gnome after X restarts and open a new openssh session: elisha: ~> finger Login Name Tty Idle Login Time Office Office Phone kriehn Gregory Kriehn *:0 Jun 9 10:46 kriehn Gregory Kriehn pts/1 54d Jun 9 10:41 (:0.0) kriehn Gregory Kriehn pts/2 Jun 9 10:46 (:0.0) elisha: ~> finger Login Name Tty Idle Login Time Office Office Phone kriehn Gregory Kriehn *:0 Jun 9 10:46 kriehn Gregory Kriehn pts/1 120d Jun 9 10:41 (:0.0) kriehn Gregory Kriehn pts/2 Jun 9 10:46 (:0.0) elisha: ~> w 10:46:51 up 6 min, 3 users, load average: 0.53, 0.57, 0.32 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT kriehn :0 - 10:46 ?xdm? 19.26s 0.06s -/bin/tcsh -c / kriehn pts/2 :0.0 10:46 0.00s 1.61s 0.00s w Notice the random idle times generated resulting from the stale openssh session on pts/1.
Created attachment 101019 [details] sample output..
I built rpms with updated openssh 3.8.1p1 modified to use LINFO_LINESIZE and this solves the first issue. There is no problem when allocated pts is greater that 999. There is one issue though finger displays only 3 digit pts numbers. So, pts/1000 is displayed as pts/100. 'w' works fine. Look at attachment for sample output.
I can confirm this bug. I have the same problem. $ w 11:58:33 up 21 days, 1:52, 417 users, load average: 0.49, 1.00, 1.34 ^^^^^^^^^^ with only ten users logged in.
Looks fixed with current rpm packages.
I have installed openssh from FC3test2 on a FC2 system. Currently the highest used pts is 721, but in some days it will reach 1000. I will then add an additional comment if this is fixed for me or not.
I can confirm that this error is fixed on my system (FC2). openssh-clients-3.9p1-3 openssh-3.9p1-3 openssh-server-3.9p1-3 ptys higher than 1000 are used and users logging out are correctly logged without any error messages in any logs. commands like w, who, finger and last work as expected (logged out users stay no longer logged-in)