Telnet sessions stay as idle users

newtoaixos · February 13, 2015, 11:29am

Hi

The telnet sessions stay as idle users. It is not getting kicked out.

Please advise what could be the issue. only when we reboot the server these telnet sessions goes.

Below is the current output from the server. we rebooted the server three days ago:

pmut6:/> uptime
  04:21PM   up 3 days,  19:38,  117 users,  load average: 1.01, 3.24, 3.94

pmut6:/> oslevel -s
7100-02-01-1245

pmut6:/> who | wc -l
     117

pmut6:/> ps -ef | grep -i telnet
    root  4653266  4325508   0 14:44:03      -  0:00 telnetd -a
    root  5505096  4325508   0 16:48:15      -  0:00 telnetd -a
    root  5767200  4325508   0   12 Feb      -  0:00 telnetd -a
    root  9240804  4325508   0   12 Feb      -  0:00 telnetd -a
    root 10092716  4325508   0   11 Feb      -  0:00 telnetd -a
    root 10289396  4325508   0   11 Feb      -  0:00 telnetd -a
    root 10682548  4325508   0   10 Feb      -  0:00 telnetd -a
    root 11010234  4325508   0   10 Feb      -  0:00 telnetd -a
    root 11403404  4325508   0   12 Feb      -  0:00 telnetd -a
    root 12189742  4325508   0   10 Feb      -  0:00 telnetd -a
    root 12648586  4325508   0   11 Feb      -  0:00 telnetd -a
    root 12910780  4325508   0   12 Feb      -  0:00 telnetd -a
    root 13369344  4325508   0   12 Feb      -  0:00 telnetd -a
    root 13762784  4325508   0   12 Feb      -  0:00 telnetd -a
    root 14024800  4325508   0   10 Feb      -  0:00 telnetd -a
    root 14090370  4325508   0   12 Feb      -  0:00 telnetd -a
    root 14221312  4325508   0   11 Feb      -  0:00 telnetd -a
    root 14483516  4325508   0   10 Feb      -  0:00 telnetd -a
    root 14876762  4325508   0 18:49:36      -  0:00 telnetd -a
    root 15073316  4325508   0   10 Feb      -  0:00 telnetd -a
    root 15597698  4325508   0   11 Feb      -  0:00 telnetd -a
    root 15794230  4325508   0   10 Feb      -  0:00 telnetd -a
    root 15925386  4325508   0   10 Feb      -  0:00 telnetd -a
    root 16056332  4325508   0   10 Feb      -  0:00 telnetd -a
    root 16187526  4325508   0   10 Feb      -  0:00 telnetd -a
    root 16515266  4325508   0   10 Feb      -  0:00 telnetd -a
    root 16580824  4325508   0 13:32:58      -  0:00 telnetd -a
    root 17957062  4325508   0 10:03:27      -  0:00 telnetd -a
    root 18022590  4325508   0   10 Feb      -  0:00 telnetd -a
    root 18153612  4325508   0   12 Feb      -  0:00 telnetd -a
    root 18415758  4325508   0   10 Feb      -  0:00 telnetd -a
    root 18481400  4325508   0   10 Feb      -  0:00 telnetd -a
    root 18546924  4325508   0   10 Feb      -  0:00 telnetd -a
    root 18743458  4325508   0   10 Feb      -  0:00 telnetd -a
    root 18874572  4325508   0   10 Feb      -  0:00 telnetd -a
    root 19005674  4325508   0   12 Feb      -  0:00 telnetd -a
    root 19071138  4325508   0   11 Feb      -  0:00 telnetd -a
    root 19136686  4325508   0   10 Feb      -  0:00 telnetd -a
    root 19333210  4325508   0   10 Feb      -  0:00 telnetd -a
    root 19529958  4325508   0   10 Feb      -  0:00 telnetd -a
    root 19791886  4325508   0   11 Feb      -  0:00 telnetd -a
    root 20119636  4325508   0   12 Feb      -  0:00 telnetd -a
    root 20316280  4325508   0   11 Feb      -  0:00 telnetd -a
    root 20381778  4325508   0   11 Feb      -  0:00 telnetd -a
    root 20775098  4325508   0   10 Feb      -  0:00 telnetd -a
    root 20906026  4325508   0   12 Feb      -  0:00 telnetd -a
    root 20971708  4325508   0   11 Feb      -  0:00 telnetd -a
    root 21037066  4325508   0   10 Feb      -  0:00 telnetd -a
    root 21168334  4325508   0   11 Feb      -  0:00 telnetd -a
    root 21430356  4325508   0   11 Feb      -  0:00 telnetd -a
    root 21626952  4325508   0   11 Feb      -  0:00 telnetd -a
    root 21692548  4325508   0   11 Feb      -  0:00 telnetd -a
    root 21758114  4325508   0   11 Feb      -  0:00 telnetd -a
    root 21823626  4325508   0   11 Feb      -  0:00 telnetd -a
    root 22020196  4325508   0   11 Feb      -  0:00 telnetd -a
    root 22085698  4325508   0   11 Feb      -  0:00 telnetd -a
    root 22151230  4325508   0   11 Feb      -  0:00 telnetd -a
    root 22216872  4325508   0   12 Feb      -  0:00 telnetd -a
    root 22347874  4325508   0   11 Feb      -  0:00 telnetd -a
    root 22413378  4325508   0   11 Feb      -  0:00 telnetd -a
    root 22478988  4325508   0   11 Feb      -  0:00 telnetd -a
    root 22544584  4325508   0   10 Feb      -  0:00 telnetd -a
    root 22741152  4325508   0   11 Feb      -  0:00 telnetd -a
    root 22872236 16253054   0 16:20:11 pts/106  0:00 grep -i telnet
    root 23134260  4325508   0   11 Feb      -  0:00 telnetd -a
    root 23199918  4325508   0   11 Feb      -  0:00 telnetd -a
    root 23461994  4325508   0   11 Feb      -  0:00 telnetd -a
    root 23658540  4325508   0   11 Feb      -  0:00 telnetd -a
    root 23855156  4325508   0   11 Feb      -  0:00 telnetd -a
    root 23920670  4325508   0   12 Feb      -  0:00 telnetd -a
    root 23986364  4325508   0   11 Feb      -  0:00 telnetd -a
    root 24051902  4325508   0   11 Feb      -  0:00 telnetd -a
    root 24248542  4325508   0   11 Feb      -  0:00 telnetd -a
    root 24641568  4325508   0   11 Feb      -  0:00 telnetd -a
    root 24707312  4325508   0   12 Feb      -  0:00 telnetd -a
    root 24772748  4325508   0   12 Feb      -  0:00 telnetd -a
    root 25100504  4325508   0   11 Feb      -  0:00 telnetd -a
    root 25362460  4325508   0   11 Feb      -  0:00 telnetd -a
    root 25559102  4325508   0 13:09:18      -  0:00 telnetd -a
    root 25690286  4325508   0 09:59:28      -  0:00 telnetd -a
    root 25886790  4325508   0 13:33:31      -  0:00 telnetd -a
    root 26083414  4325508   0   12 Feb      -  0:00 telnetd -a
    root 26280030  4325508   0   12 Feb      -  0:00 telnetd -a
    root 26476626  4325508   0   12 Feb      -  0:00 telnetd -a
    root 26542086  4325508   0   12 Feb      -  0:00 telnetd -a
    root 27263062  4325508   0   12 Feb      -  0:00 telnetd -a
    root 27394050  4325508   0 12:05:56      -  0:00 telnetd -a
    root 27459830  4325508   0   12 Feb      -  0:00 telnetd -a
    root 27590774  4325508   0 18:50:27      -  0:00 telnetd -a
    root 27656226  4325508   0 18:49:26      -  0:00 telnetd -a
    root 27787400  4325508   0   12 Feb      -  0:00 telnetd -a
    root 28115074  4325508   0   12 Feb      -  0:00 telnetd -a
    root 28180574  4325508   0   12 Feb      -  0:00 telnetd -a
    root 28246030  4325508   0   12 Feb      -  0:00 telnetd -a
    root 28442796  4325508   0   12 Feb      -  0:00 telnetd -a
    root 29425882  4325508   0 14:58:22      -  0:00 telnetd -a
    root 29884632  4325508   0 09:57:36      -  0:00 telnetd -a
    root 29950178  4325508   0 10:45:20      -  0:00 telnetd -a
    root 30146778  4325508   0 12:03:39      -  0:00 telnetd -a
    root 30343294  4325508   0 07:02:41      -  0:00 telnetd -a
    root 30474394  4325508   0 11:57:38      -  0:00 telnetd -a
    root 30736630  4325508   0 06:58:22      -  0:00 telnetd -a
    root 30802014  4325508   0 13:33:14      -  0:00 telnetd -a
    root 31064098  4325508   0 14:40:27      -  0:00 telnetd -a
    root 31129672  4325508   0 06:54:08      -  0:00 telnetd -a
    root 31260876  4325508   0 10:05:28      -  0:00 telnetd -a
    root 31522840  4325508   0 10:31:36      -  0:00 telnetd -a
    root 31588540  4325508   0 13:34:34      -  0:00 telnetd -a
    root 31719630  4325508   0 10:41:12      -  0:00 telnetd -a
    root 31785190  4325508   0 08:50:59      -  0:00 telnetd -a
    root 31916180  4325508   0 13:32:54      -  0:00 telnetd -a
    root 32112782  4325508   0 10:01:47      -  0:00 telnetd -a
    root 32243746  4325508   0 10:30:06      -  0:00 telnetd -a
    root 32768072  4325508   0 14:58:53      -  0:00 telnetd -a
    root 33357972  4325508   0 15:11:54      -  0:00 telnetd -a
    root 34013332  4325508   0 15:28:13      -  0:00 telnetd -a

rbatte1 · February 13, 2015, 11:56am

You might find that these are just sitting at the login prompt. What does the output from ps -ef|grep logi[n] give you? I would bet 117 sessions.

I would not see it as a problem unless you are getting connection refusals though.

Robin

DGPickett · February 13, 2015, 1:10pm

You can truss the telnetd proc's as root to see what they are hanging on. They have no children?

bakunin · February 13, 2015, 2:29pm

If these sessions indeed sit there at the login prompt there is little you can do. There is DGPicketts suggestion of using truss and/or lsof to terminate sessions, but this is a workaround rather than a solution.

If you have many and rapidly changing connections (although this should be no problem with typical telnet connections, other protocols are more prone to that) you might want to tune the keepalive-parameters in AIX to allow for faster closing of already closed sessions: TCP sessions getting into the state FIN-WAITING (see netstat -a output) take some time to become finally closed and this can pose a problem if very many connection-attempts are done in a short time. Usually this is the case with the Oracle-Listener connections in DB-servers with many clients but the same can happen with other protocols too.

Check the network options with the command

no -a

and look at the values of: tcp_keepintvl, tcp_keepidle and tcp_keepinit.

You can change these parameters (they are measured in half-seconds, hence i.e "150" means 75 seconds) with the command:

no -o <parameter>=<value>

Be sure to read the man page of no before changing anything because these tuning parameters can heavily affect the network output of your system!

I hope this helps.

bakunin

DGPickett · February 13, 2015, 3:27pm

Well, truss and lsof just give info. Maybe you can see if there is a problem IP creating sessions using lsof. It almost sounds like a Denial Of Service attack! But usually the TCP protocol should close them out. TCP not only waits for lost packets on dead connections, but on normal, stable close holds data for retransmits in case that last FIN ACK packet gets lost, and the FIN packet arrives again, retransmitted. However, the age of some of these is way past such timers. First use truss to see what it is waiting on. Then use lsof to find out who/what is on that process and fd #'s.

agent.kgb · February 16, 2015, 10:56am

As for me it seems that you have problems with your users, not AIX

Try to add export TMOUT=300 in /etc/profile. Then all new sessions of your users will be automatically logged off after 300 seconds of inactivity. The old sessions have to be killed.

rbatte1 · February 16, 2015, 11:13am

I think that these are sessions that are yet to log in though. You are also assuming that the users drop to the command line, which can be a very dangerous place to let business users get to.

I have a job that scans and terminates idle sessions from the application to handle that.

Your time-out setting is also 360 seconds, because there is a warning issued which has a further 60 seconds delay before the shell exists.

Robin

jim_mcnamara · February 16, 2015, 12:08pm

Why are they all root? I think everyone here agrees that appears to be a terrible idea. Since were are getting nothing back from the OP I have to assume it was an 'oops' on somebody's part and has been corrected.

agent.kgb · February 16, 2015, 12:16pm

because it's telnetd, it is started from inetd under the user, which is written in /etc/inetd.conf. Usually (in standard AIX configuration) it is root.