# sshd with high priority?

## zeek

I got an alert from a monitoring system that a server I manage remotely was no longer responding.  I was able to ssh into the machine, although very slowly, and got one ps to run before the machine stopped responding.  It turned out to be a mail bomb and the oom killer kept kicking in killing smtpd processes only to have them come back.  This repeated until the box hung.  This part really isn't important.

What bothers me is that there was a 10 minute window where I first logged in via ssh and when the machine stopped responding.  All I could get out in those 10 mins were ps -ef.  If ssh was snappier I would've saved myself a drive into work on a Saturday to hit a power switch a couple of times.

This got me to thinking about using nice to raise the priority of sshd.  This is pretty easy to do, but the priority of the shell it spawn is not elevated.  I've thought about going the other way and lowering the priority of various daemons ... but this is less desirable as I'd like the machine to run as it is now, but to give remote logins higher priority.  There is no remote ssh access so I don't need to worry about a remote attacker using up cpu cycles.

I'd be interested in any comments regarding problems or pitfalls with running sshd say nice -n -10.  Also any ideas on how to get the shell sshd spawns running with a custom priority?

----------

## zeek

According to the docs on execv the nice value is supposed to be inherited but it isn't:

```

F S UID        PID  PPID  C PRI  NI ADDR SZ WCHAN  STIME TTY          TIME CMD

5 S root     12457     1  0  66 -10 -   875 -      Apr08 ?        00:00:00 /usr/sbin/sshd

4 S root      4509 12457  0  66 -10 -  1580 -      00:10 ?        00:00:00 sshd: root@pts/1

4 S root      4556  4509  0  75   0 -   672 wait   00:11 pts/1    00:00:00 -bash

```

----------

## Janne Pikkarainen

Have you tried to pump up the default priority for your user in /etc/security/limits.conf? Try that and also make sure that /etc/pam.d/sshd (or /etc/pam.d/system-auth) contains a line for pam_limits.so.

----------

## zeek

 *Janne Pikkarainen wrote:*   

> Have you tried to pump up the default priority for your user in /etc/security/limits.conf? Try that and also make sure that /etc/pam.d/sshd (or /etc/pam.d/system-auth) contains a line for pam_limits.so.

 

Thanks!  This seems to work as advertised.  Combined with starting sshd with higher priority I can login to an artificially loaded box (50 `yes` processes running in the background) without any problems.  Without the higher priority I can't do anything.

----------

