sshd running with 100%

Hi,

I have a SLES 11 SP4 box, 64-bit, where sshd is running with 100%:

top - 15:13:28 up 31 days, 22:14, 4 users, load average: 1.20, 1.60, 1.93
Tasks: 160 total, 3 running, 157 sleeping, 0 stopped, 0 zombie
Cpu(s): 9.1%us, 20.9%sy, 0.0%ni, 69.9%id, 0.1%wa, 0.0%hi, 0.1%si, 0.0%st
Mem: 32093M total, 31676M used, 417M free, 5696M buffers
Swap: 2046M total, 878M used, 1168M free, 11475M cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND

28071 root 20 0 79728 2436 2424 R 100 0.0 22492:18 sshd <==

14500 root 20 0 8514m 7.9g 2256 S 8 25.2 1127:09 qemu-kvm
8964 root 0 -20 16864 6300 2468 S 3 0.0 25:28.49 atop

Only some people are logged on via ssh, doing nothing:

pc60181:~ # w

USER TTY LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 11Dec15 31days 0.00s 0.00s /bin/bash
root pts/1 11Dec15 31days 0.00s 38.94s kdeinit4: kded4 [kdeinit]
root pts/2 11Dec15 43:37 0.14s 0.14s -bash
root pts/3 11Dec15 1.00s 0.18s 0.18s -bash

What astonishes me:

pc60181:~ # ps aux|grep -i ssh
root 6416 0.0 0.0 53764 888 ? Ss 2015 0:06 /usr/sbin/sshd -o PidFile=/var/run/sshd.init.pid
root 9279 0.0 0.0 4556 556 pts/3 S+ 15:17 0:00 grep -i ssh
root 9757 0.0 0.0 79788 2492 ? Ss 2015 0:06 sshd: root@pts/2
root 28071 53.5 0.0 79728 2436 ? Rs 2015 22496:34 sshd: root@notty
root 28128 0.0 0.0 79928 2704 ? Ss 2015 0:05 sshd: root@pts/3

Process 28071 (the one with 100%) is running as root@notty. What is notty?

I attached strace to the process:

Process 28071 attached - interrupt to quit
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
select(13, [5 6 8], [8], NULL, NULL) = 2 (in [8], out [8])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
select(13, [5 6 8], [8], NULL, NULL) = 2 (in [8], out [8])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
select(13, [5 6 8], [8], NULL, NULL) = 2 (in [8], out [8])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0

It does not seem to do much.

I’m logging my system with atop, but unfortunately my logs don’t go back far enough to find the timestamp when it started.
It’s already been running at 100% for several days.

Any ideas why the process is running at 100%?

Bernd

Hi
notty means an sftp, scp, etc. session is running; netstat should identify it. Also use pstree to follow the process.
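
Added example, not part of either post: a small Python helper that reads strace output like the one in the question, reports which descriptors `select()` returned as ready in every call, and resolves each one through `/proc/<pid>/fd` so it can be matched against netstat. The function names are hypothetical; the sample trace is copied from the strace lines posted above, and PID 28071 is the process from the question.

```python
import os
import re
from collections import Counter

# Sample input: strace lines taken from the question above.
STRACE = """\
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
select(13, [5 6 8], [8], NULL, NULL) = 2 (in [8], out [8])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
select(13, [5 6 8], [8], NULL, NULL) = 2 (in [8], out [8])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
"""

# A completed select(): "... = <count> (<ready sets or Timeout>)"
SELECT_RE = re.compile(r"\bselect\(.*\)\s+=\s+(\d+)\s+\((.*)\)\s*$")
SET_RE = re.compile(r"(in|out|except) \[([\d ]*)\]")

def always_ready(trace):
    """Return (select call count, {(direction, fd)} ready in every call)."""
    calls, seen = 0, Counter()
    for line in trace.splitlines():
        m = SELECT_RE.search(line)
        if not m:
            continue  # another syscall, or a select() that returned an error
        calls += 1    # a timed-out select() counts as a call with nothing ready
        for direction, fds in SET_RE.findall(m.group(2)):
            for fd in fds.split():
                seen[(direction, int(fd))] += 1
    return calls, {key for key, n in seen.items() if n == calls}

def resolve_fd(pid, fd):
    """Return the target of /proc/<pid>/fd/<fd>, e.g. 'socket:[12345]', or None."""
    try:
        return os.readlink(f"/proc/{pid}/fd/{fd}")
    except OSError:  # process gone, fd closed, no permission, or no /proc
        return None

if __name__ == "__main__":
    calls, ready = always_ready(STRACE)
    for direction, fd in sorted(ready):
        target = resolve_fd(28071, fd)  # run as root on the affected host
        print(f"fd {fd}: ready for '{direction}' in all {calls} select calls -> {target}")
```

A `socket:[N]` result gives the socket inode N, which can be looked up in the Inode column of `netstat -tnpe` to find the connection behind the session.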