[systemd-devel] "sshd.socket failed to queue socket startup job"
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Wed Feb 23 09:58:49 PST 2011
On Wed, Feb 23, 2011 at 06:23:05PM +0100, Lennart Poettering wrote:
> On Wed, 23.02.11 16:24, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:
>
> > Hi,
> > I wanted to see what happens when using per-connection sshd at .service
> > from http://0pointer.de/public/systemd-units/sshd@.service.
> >
> > After doing some ~1200 ssh connections, the socket went into
> > disabled state:
> > Feb 23 15:43:23 fedora systemd[1]: sshd.socket failed to queue socket startup job: File exists
> > Feb 23 15:43:23 fedora systemd[1]: Unit sshd.socket entered failed state.
> >
> > After 'systemctl restart sshd.socket' connections work again.
> > Is this expected?
> >
> > Another problem is resource usage:
> > after 7000 connections the RSS of systemd is up at 90MB. It started around 20MB,
> > so this gives 70 MB / 7000 connections = 10kB per connection, which is not bad,
> > but basically opens up a way to bring the machine down if the number of connection
> > is not limited in some other way.
> >
> > Should systemd implement dropping old inactive template-generated units?
> > Or maybe does it do this already?
>
> We do that. The problem is that this service of yours failed and systemd
> hence won't drop it. If a service fails we usually use that as
> indication that this is something the admin should see and hence never
> GC the service.
I see. systemctl reset-failed && systemctl daemon-reload indeed clear the backlog :).
>
> In this case there are two solutions: a) fix sshd to not return a
> failure code if run as "sshd -i".
>
> Or b) replace "ExecStart=/usr/sbin/sshd -i" by
> "ExecStart=-/usr/sbin/sshd -i" to ensure we ignore any failure from
> sshd.
b) works and the number of units is not increases. I guess that the service file
should be modified in this way. a) might be a little bit harder :).
Thanks,
Zbyszek
More information about the systemd-devel
mailing list