Do your sleep processes show up in the output of "systemctl status
ssh.service" in the CGroup section? For me they do (sample with just one
process backgrounded):
# systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset:
enabled)
Active: active (running) since Fri 2016-04-01 05:53:59 UTC; 1min 1s ago
Main PID: 2928 (sshd)
Tasks: 10 (limit: 512)
CGroup: /system.slice/ssh.service
├─2928 /usr/sbin/sshd -D
├─4966 sshd: jrosenboom [priv
├─5087 sshd: jrosenboom@pts/
├─5127 -bash
├─5208 sudo -i
├─5213 sudo -i
├─5214 -bash
├─6386 sleep 100
├─6403 systemctl status ssh.service
└─6404 pager
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1564451
Title:
User processes are counted towards systemd limit for sshd processes
Status in openssh package in Ubuntu:
New
Bug description:
When running Xenial, user processes are counted towards the limit for
the ssh.service, with a limit of 512. So if I login as a normal user
via ssh and start 512 processes, nobody will be able to login any more
and even all other users currently logged in will not be able to start
any new tasks. I'm not certain whether this behaviour is by design,
but to me it looks like a critical DOS possibility, so tagging as
security bug.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1564451/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
