Thu Mar 27 18:54:59 UTC 2014

Hello all,

  Since upgrading to oi_151a8 on an older server we'veat least twice lost the ability to connect via ssh to a particular local zone. New connections are just quickly refused with no sun-ssh banner (including tests from localhost), while old sessions work and restarts of the daemon help.

Other zones are not affected, but this one gets a lot more traffic (as a poor-mans vpn with ssh port forwarding for many legacy clients too stubborn to move on into openvpn). I have a hunch that either some leaks occur, or some DoS-protection kocks in, if any is now available in the daemon.

I've made a workaround of testing for the banner and restarting the daemon if need be; but can also queue up some debugging (pstack on the old process still "online" in smf although unresponsive, or something else?)

Does any of this ring a bell to someone? Is it a feature, a local misconfig, a bug (maybe fixed later on already?)


Typos courtesy of my Samsung Mobile

