Re[2]: SSH-connections hanging (IP-filter related?)

From: Marius Huse Jacobsen (mahuja_at_c2i.net)
Date: 12/16/03

    Date: Mon, 15 Dec 2003 16:49:52 -0800
    To: Rob De Langhe <secureshell@securityfocus.com>
    
    


    Hello Rob,

    Wednesday, December 10, 2003, 10:58:55 PM, you wrote:

    RDL> Hi,

    RDL> The connection from the central
    RDL> server is still ESTABLISHED, and a "truss" on the SSHD program shows a
    RDL> "poll()" that's hanging. Sure on the connecting side (the central server),
    RDL> the "ssh" client is still waiting for the remote end to close the
    RDL> connection. And so my batch jobs hang...

    RDL> We run IP-Filter everywhere, and I noticed a few posts on the Internet that
    RDL> might indicate relationship of this SSH-problem with the fact that IP-filter
    RDL> is controlling the communications.

    If sshd is still running, then I doubt the problem is with ipfilter.

    RDL> I found another hint about the BASH environment variable "huponexit", but
    RDL> that's not relevant either since the remote "bash" completes entirely,
    RDL> including its children. But its invoking parent, the "sshd" that accepted the
    RDL> connection, is hanging.

    RDL> Any hints/tips?

    If you can have bash run a logoff command, have it send some signal to
    its parent (sshd) to make it terminate. (kill -9 could kill some
    unflushed buffers as well, while the others *should* work properly in
    this respect)

    I'm not knowledgeable about what poll() does, but the best solution
    would probably be to make it succeed.

    --
    Best regards,
     Marius mailto:mahuja@c2i.net


