ssh hangs after authentication - possible solution
- From: "Radim Tobolka" <radim.tobolka@xxxxxxxxx>
- Date: Tue, 20 Jan 2009 12:40:03 +0100 (CET)
Hello ssh users,
I would like to share my experience with openssh.
I had a problem connecting to any server from my home
using ssh. However, putty worked both under Windows
and Linux. I've tried setting up a netcat tunnel
and connecting through it with ssh in the following
way, which worked.
radim@targa ~ $netcat -Lserver.domain:22 -p10001 -vv
(in other terminal)
radim@targa ~ $ssh -lradim -vvv localhost -p10001
So it seemed there is some bug in openssh!
A plain ssh connection like
radim@targa ~ $ssh -lradim server.domain
asked for the password and, after successful authentication,
hung. With the verbose option set, the last three lines
before the hang said
debug2: channel 0: request shell confirm 1
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
I've searched forums pretty thoroughly, but the only thing I found
was a few other users (pretty desperate) trying to solve
the same problem with no reply.
So my friend and I did some research using tcpdump both
on the server and the client side. It turned out that either my ISP
(I have an ADSL connection, provider Telefonica O2, Czech Republic)
in their DSLAM or my modem is blocking TCP packets with Type Of Service
set to interactive (tos==16).
OpenSSH sets tos interactive when it's going to give you a new console.
I got the problem fixed with the following rule added to the Linux firewall
iptables -A OUTPUT -t mangle -p tcp --dport 22 -j TOS --set-tos 0x00
The connection works after this tweak.
At this point I would like to thank my friend Tomas,
who has greatly helped me resolve this problem.
I wish that the fruits of our research will help other users with
the same problem and that it will save them time and stress.
I see that this may not be the only reason for the strange behavior
described before.
Best regards (and metta too)
Radim
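
Added example, not part of the original post: a small probe that connects to the SSH port once with TOS 0x00 and once with TOS 0x10 and compares whether the server's identification line arrives. The names `probe` and `diagnose` are hypothetical, and it assumes the device on the path drops TOS 0x10 packets statelessly, so that the SYN is affected too.

```python
import socket
import sys

# 0x10 is the "interactive" (low delay) TOS value, tos==16 in the post.
TOS_VALUES = {"normal": 0x00, "lowdelay": 0x10}

def probe(host, port, tos, timeout=5.0):
    """Connect with IP_TOS=tos; return the server's first line or None."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        # Set before connect() so the SYN and every later segment carry it.
        s.setsockopt(socket.IPPROTO_IP, socket.IP_TOS, tos)
        s.connect((host, port))
        data = b""
        # An SSH server sends its identification line first (RFC 4253).
        while not data.endswith(b"\n") and len(data) < 255:
            chunk = s.recv(255 - len(data))
            if not chunk:
                break
            data += chunk
        return data.decode("ascii", "replace").strip() or None
    except OSError:  # timeout, refused, unreachable
        return None
    finally:
        s.close()

def diagnose(host, port=22, timeout=5.0):
    """Probe once per TOS value and report whether the path treats them differently."""
    results = {n: probe(host, port, t, timeout) for n, t in TOS_VALUES.items()}
    if results["normal"] and not results["lowdelay"]:
        verdict = "path drops TOS 0x10 packets"
    elif results["normal"]:
        verdict = "TOS 0x10 passes; the hang has another cause"
    else:
        verdict = "server unreachable even with TOS 0x00"
    return results, verdict

if __name__ == "__main__":
    # Usage: python tos_probe.py server.domain [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    results, verdict = diagnose(target, port)
    for name, banner in results.items():
        print(f"{name:9} tos=0x{TOS_VALUES[name]:02x} banner={banner!r}")
    print(verdict)
```

Run it before adding the iptables rule above: with that rule active, outgoing packets to port 22 are rewritten to TOS 0x00 and both probes will succeed.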