check_ssh + copssh: Phantom session exhaustion


#1

I have several windows machines running copssh 2.1.0

It would appear that running check_ssh against this packaging of openssh + cygwin will eventually result in openssh server exhausting its ten default connections.

Has anyone else ever observed a check_ssh monitored instance of copssh failing in this way?
What did you do?

In my mind, this constitutes a DoS attack against copssh (a program which connects, says hi I’m an SSH client, then closes should not be able to exhaust sessions - and this problem DOES NOT occur on openssh instances on linux).

In terms of how long it takes for this to happen, I found that if I ran a check_ssh every two seconds, it took about two minutes for the sshd.exe to die (obviously I don’t normally run every 2 seconds, I normally run about 7-10 minutely checks).