Lot of duplicate sshd daemons getting created in Solaris

Question

I have a Solaris server where I found lot of sshd services running:

 ps -ef | grep 23492
root 25449 23492   0 15:27:17 ?           0:00 /usr/sbin/sshd2 -oPidFile=/var/run/sshd2_22.pid -R internal_rexec
root 25432 23492   0 15:24:32 ?           0:00 /usr/sbin/sshd2 -oPidFile=/var/run/sshd2_22.pid -R internal_rexec
root 25350 23492   0 15:14:22 ?           0:00 /usr/sbin/sshd2 -oPidFile=/var/run/sshd2_22.pid -R internal_rexec
root 25344 23492   0 15:13:59 ?           0:00 /usr/sbin/sshd2 -oPidFile=/var/run/sshd2_22.pid -R internal_rexec
root 25539 23492   0 15:34:42 ?           0:00 /usr/sbin/sshd2 -oPidFile=/var/run/sshd2_22.pid -R internal_rexec
root 23492     1   0 11:45:46 ?           0:01 /usr/sbin/sshd2 -oPidFile=/var/run/sshd2_22.pid
root 24101 23492   0 13:06:34 ?           0:00 /usr/sbin/sshd2 -oPidFile=/var/run/sshd2_22.pid -R internal_rexec
root 25472 23492   0 15:30:38 ?           0:00 /usr/sbin/sshd2 -oPidFile=/var/run/sshd2_22.pid -R internal_rexec

As you can see, PID-23492 /usr/sbin/sshd2has created multiple sub processes. I want to know who/what other process/script is initiating this.

Is there any command in Solaris which can give me further details on the process ?

I tried doing an lsof on the PID file, but I guess its not working on Solaris:

[root@e0100damsgmgt01 /var/adm]$ lsof /var/run/sshd2_22.pid  
ld.so.1: lsof: fatal: libc.so.1: version `SUNW_1.22.5' not found (required by file /opt/csw/bin/amd64/lsof)
ld.so.1: lsof: fatal: libc.so.1: open failed: No such file or directory
Killed
[root@e0100damsgmgt01 /var/adm]$

My solaris version:

[root@e0100damsgmgt01 /var/adm]$ uname -a
SunOS e0100damsgmgt01 5.10 Generic_137112-07 i86pc i386 i86pc
[root@e0100damsgmgt01 /var/adm]$

Kindly help.

`fuser` is the native Solaris equivalent of `lsof`. The version of `lsof` you have installed under `/opt/csw` has a version mismatch. — Andrew Henle, Sep 10 '15 at 09:53
`fuser /var/run/sshd2_22.pid` doesn't give me anything. The output just shows `/var/run/sshd2_22.pid:` — dig_123, Sep 11 '15 at 07:35

score 0 · Answer 1 · answered Sep 10 '15 at 09:48

0

ps axf

should give you process tree where you will see that there is on server and the others are children communicating with different clients. This is normal behaviour.

To get the list of open files by your proces, you should use

lsof -p $(cat /var/run/sshd2_22.pid)

or you can see the list for every other process by substituting the $(...) by the PID from the previous command.

answered Sep 10 '15 at 09:48

Jakuje

9,715
2
42
45

`ps axf` doesn't run on solaris as `-x` is not a valid option. As `lsof` is not running on my system, so anyway `lsof -p $(cat /var/run/sshd2_22.pid)` this won't run. – dig_123 Sep 11 '15 at 07:38
ok. On solaris, you can use commands `fuser` or `pfiles` – Jakuje Sep 11 '15 at 08:04

Lot of duplicate sshd daemons getting created in Solaris

1 Answers1