Why are there two sshd processes when I log into my computer?

Knute Johnson knute at frazmtn.com
Thu May 25 16:17:30 UTC 2006 

>Knute Johnson wrote:
>>> When I log in remotely to my FC5 box two sshd processes with usually 
>>> consecutive pids are created?  The original sshd process is still 
>>> there too.
>> 
>> Any ideas then why one of them logs its time in UTC and the other 
>> local?
>> 
>> May 24 22:43:13 rabbitbrush sshd[4258]: Accepted publickey for knute 
>> from 208.1.40.46 port 1614 ssh2
>> May 25 05:43:13 rabbitbrush sshd[4259]: Accepted publickey for knute 
>> from 208.1.40.46 port 1614 ssh2
>
>I agree that it is annoying to have incorrect logs.
>
>This problem has been raised before:
>
>  http://www.redhat.com/archives/rhl-list/2006-March/msg03980.html
>  http://www.redhat.com/archives/rhl-list/2006-April/msg00778.html
>
>but I don't see any reply about a solution and I didn't find an
>open bug for it.
>
>It looks like environmental variables are discarded for security
>reasons (try running "cat /proc/4258/environ", with the correct pid;
>there is no environment). I don't know if the two facts can be related.
>
>I just tried "strace -f" on the sshd daemon process: the following
>lines appear interesting
>
>[pid  9996] time(NULL)                  = 1148562034
>[pid  9996] open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or directory)
>[pid  9996] open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or directory)
>[pid  9996] open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or directory)
>[pid  9996] open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or directory)
>[pid  9996] send(6, "<86>May 25 13:00:34 sshd[9996]: "..., 94, MSG_NOSIGNAL) = 94
>
>The process (which is running as user "sshd") does not see the
>"/etc/localtime" file and logs a wrong time (13:00 instead of 15:00,
>in this case).
>
>I don't know why the file appears totally invisible to the process
>(chroot tricks?).

Thanks very much for your reply.  One of the previous posts was from 
me so there doesn't appear to be much interest in this.  Is this 
something that should be filed as a bug?

Thanks,

-- 
Knute Johnson
Molon Labe...

More information about the users mailing list