[Exherbo-dev] [Fwd: Re: [systemd-devel] "sshd.socket failed to queue socket startup job"]

Vasiliy G Tolstov v.tolstov at selfip.ru
Thu Feb 24 08:06:54 GMT 2011

Wulf, can You modify sshd.socket to eliminate this messges (i'm using
socket not standalone sshd daemon) 

-------- Forwarded Message --------
From: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
To: Lennart Poettering <lennart at poettering.net>
Cc: systemd-devel at lists.freedesktop.org
Subject: Re: [systemd-devel] "sshd.socket failed to queue socket startup
Date: Wed, 23 Feb 2011 18:58:49 +0100

On Wed, Feb 23, 2011 at 06:23:05PM +0100, Lennart Poettering wrote:
> On Wed, 23.02.11 16:24, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:
> > Hi,
> > I wanted to see what happens when using per-connection sshd at .service
> > from http://0pointer.de/public/systemd-units/sshd@.service.
> > 
> > After doing some ~1200 ssh connections, the socket went into
> > disabled state:
> > Feb 23 15:43:23 fedora systemd[1]: sshd.socket failed to queue socket startup job: File exists
> > Feb 23 15:43:23 fedora systemd[1]: Unit sshd.socket entered failed state.
> > 
> > After 'systemctl restart sshd.socket' connections work again.
> > Is this expected?
> > 
> > Another problem is resource usage:
> > after 7000 connections the RSS of systemd is up at 90MB. It started around 20MB,
> > so this gives 70 MB / 7000 connections = 10kB per connection, which is not bad,
> > but basically opens up a way to bring the machine down if the number of connection
> > is not limited in some other way.
> > 
> > Should systemd implement dropping old inactive template-generated units?
> > Or maybe does it do this already?
> We do that. The problem is that this service of yours failed and systemd
> hence won't drop it. If a service fails we usually use that as
> indication that this is something the admin should see and hence never
> GC the service.
I see. systemctl reset-failed && systemctl daemon-reload indeed clear the backlog :).

> In this case there are two solutions: a) fix sshd to not return a
> failure code if run as "sshd -i".
> Or b) replace "ExecStart=/usr/sbin/sshd -i" by
> "ExecStart=-/usr/sbin/sshd -i" to ensure we ignore any failure from
> sshd.
b) works and the number of units is not increases. I guess that the service file
should be modified in this way. a) might be a little bit harder :).

systemd-devel mailing list
systemd-devel at lists.freedesktop.org

Vasiliy G Tolstov <v.tolstov at selfip.ru>

More information about the Exherbo-dev mailing list