Applies to
Venafi Servers Agents 15.4.x; 16.1.x; 16.2.x
Summary
During the scanning of a system for SSH keys, the discovery job takes hours instead of seconds and appears to hang on a Linux/Unix system.
Issue may also cause Agent to generate core dumps. System logs may show the following events:
Jan 05 00:20:01 mysystem Venafi-Agent[10954]: Warning:sshdiscovery_2042 VED Agent SSH Discovery: Filtering out directory '/users' - is link
Jan 05 00:20:01 mysystem kernel: traps: vagent[26829] general protection ip:45cd5626d60 sp:7fac45675858 error: 0 in libc-2.17.so[7fab655d9000+1b7000]
Cause
This is caused by the scan definition containing links within the directories it is scanning. The agent attempts to open and read these links like they are normal files, but they are not normal files they are references.
Resolution
Upgrade your server agent to 16.3.x or higher. In these versions, we exclude /dev and /prod from being scanned. The agent also will not attempt to open a file that is 16 bytes or less in size. On older versions, update your SSH Discovery scan definition to exclude paths that contain links.
Comments