Re: SSH hanging

From: Johnson Jeba Asir (
Date: 09/20/04

  • Next message: Derek Martin: "Re: Locking down ssh config in large env"
    Date: Mon, 20 Sep 2004 06:22:18 -0700 (PDT)

    Helo all,

              Sorry for the very late reply. After setting
    the MTU to 1350, the connection was fine for a couple
    of days. So far i'm allowing ICMP ports 0,8 alone.
    Since this issue is very important, i've changed my
    entier settup. Once the things are fine then, I'll
    update my firewall with ICMP request handling and
    revert it back. Now I need a way to find out which
    link is having lesser MTU problem. Is there is any way
    to find it out?


    --- Robert Hajime Lanning <>

    > Do all the other working servers have the same
    > network path?
    > As in, you are A, and B,C,D are all on the same
    > network?
    > If not, then it would still be the ICMP issue. It
    > maybe that with the
    > other servers, the
    > default MTU is just fine, but somewhere between you
    > and this server
    > with the issue,
    > there is a link that cannot handle the 1500 byte
    > default MTU.
    > BTW, It is good practice to allow those ICMP types
    > and codes. They
    > are part of the
    > actual function of TCP.
    > On Thu, 9 Sep 2004 02:25:18 -0700 (PDT), Johnson
    > Jeba Asir
    > <> wrote:
    > >
    > > Thanks for the Reply. The client also running ssh
    > > (OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL
    > > 0x0090602f). But the problem is the same set of
    > > firewall is running very fine with my other
    > servers.
    > --
    > -MCP

    Do you Yahoo!?
    New and Improved Yahoo! Mail - Send 10MB messages!

  • Next message: Derek Martin: "Re: Locking down ssh config in large env"

    Relevant Pages

    • Re: wierd net behaviour
      ... It relies on getting ICMP Destination ... MTU for the remote host. ... If the responding gateway implements the ... recommendations for gateways in RFC 1191, then the next hop MTU ...
    • FW: ICMP fragmentation required but DF set problems.
      ... ICMP fragmentation required but DF set problems. ... against some TCP/IP stack. ... Anyway the stack takes an hash table with the MTU of other ends. ... size of the quoted packet in the ICMP packet, ...
    • Re: ICMP and discard oversize frame
      ... I am running a FreeBSD router with two ethernet cards. ... the MTU to 800 in order to generate ICMP packet "Fragmentation needed ... But there is no ICMP sent. ...
    • Re: Problem of blocking ICMP packet while calculating Path MTU
      ... > I am in process of implementing Path MTU detection technique. ... > process the received ICMP ECHO reply packets. ... > there is no need to write server code at all. ...
    • RE: ICMP unreachable question
      ... If I understood you correctly you are referring to the ICMP Error ... will be used to carry the MTU used for the link ... I'm interested in a particular ICMP packet which seems to change the ... This list is provided by the SecurityFocus Security Intelligence Alert ...