sshd childs hangs after blocking

[dmtr]

i use csf v7.07.
i got a lot of processes like these:

Code: Select all

root      9164  0.0  0.0 101236  4084 ?        Ss   Aug01   0:00 sshd: root [priv]
sshd      9165  0.0  0.0  67992  1652 ?        S    Aug01   0:00 sshd: root [net] 
root     10412  0.0  0.0 101104  3796 ?        Ss   Aug02   0:00 sshd: unknown [priv]
sshd     10414  0.0  0.0  67992  1740 ?        S    Aug02   0:00 sshd: unknown [net]
root     10439  0.0  0.0 101236  4088 ?        Ss   Aug03   0:00 sshd: root [priv]
sshd     10440  0.0  0.0  67992  1656 ?        S    Aug03   0:00 sshd: root [net]

i investigated this issue and found that processes are frozen when blocking IP after ssh false logins.
as result we got "hanged" ESTABLISHED connection:

Code: Select all

tcp        0      0 107.6.145.75:22             188.40.170.149:24746        ESTABLISHED 28164/sshd

and iptables rules:

Code: Select all

      12     2352 DROP     all  --  !lo    *       188.40.170.149       0.0.0.0/0           reject-with icmp-port-unreachable 
      12     2688 DROP     all  --  *      !lo     0.0.0.0/0            188.40.170.149      reject-with icmp-port-unreachable 

but sshd shouldn't hang after blocking. Is it known issue? Solutions?

[inawire]

I'm having the same issue. Same version of csf. I'm on CentOS 6.5.

I think it something to do with my SSH config and keepalive. I'm still looking into a solution but I don't this this is a csf issue, just my ssh setup.

Here is one link I'm looking at for help:
http://unix.stackexchange.com/questions ... ork-in-ssh

I my research, my 'hung' sshd's were all blocked by csf (as by design) but I don't think the sshd knows that and is keeping the conection open. I think "ServerAlive" will help solve this.

[SeasonM]

Does anyone have a fix for this?

For now I have wrote a script to kill off the dead SSH connections. I could also reconfigure MaxStartups but I feel like the problem shouldn't be happening in the first place.

Any advice appreciated...

csf v9.28, RHEL 7.3