Re: SSH connection pause



On May 24, 7:51 pm, p...@xxxxxxxxxxxx (Per Hedeland) wrote:

<snip>

The IDENT connections go from server to client, which is one reason that
they occasionally cause "strange" problems. But per above and everything
else you wrote, this isn't a likely cause. Try running the *server* in
debug mode, you may get some clues from where the output pauses. And/or
if there is something like 'strace' or 'truss' on AIX, it can be a very
useful tool to figure out what is going on.

--Per Hedeland
p...@xxxxxxxxxxxx

Per, you suggested I try running the *server* in debug mode
(previously I've only been running the client in debug mode). This
sounds like a sensible course of action, so I gave it a go, and got
some pretty strange results.

I started the sshd in debug mode, after stopping the currently running
sshd server. I then tried connecting from the client that I've been
using all along and.... it connected with no delay. This I found very
odd, as it appeared that restarting the sshd had fixed the problem,
but I'd tried this before several times. Further investigation shows
that the sshd works fine until I attempt to connect to it from a
client that cannot be resolved via a reverse lookup. In this case, I
see output like "debug3: Trying to reverse map address <IP address>"
and it hangs like previously, which I guess is to be expected.

Now for the interesting bit ;-) If I then attempt a connection to the
server from the client whose address *can* be resolved via reverse
lookup.... it hangs again!?! As far as I can tell, the sshd works fine
until I attempt a connection from a source who cannot be reverse
looked up. Any subsequent connections, whether or not their addresses
can be resolved successfully will experience the pause during the
lookup. I don't understand why this is happening, but I intend to test
various scenarios to see if I can find a cause. This will be a little
difficult, as I can't just stop/start the sshd at any time. I might
look into starting the sshd in debug mode on a different port, so I
don't have to stop the currently running daemon.

Thanks for your help so far, I'll report back with what I find...

Cheers,
Neil
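
Added example, not part of the original post: a small Python probe that times reverse lookups for a list of addresses in the order given, inside one process, so the unresolvable-then-resolvable sequence described above can be tried against the system resolver without touching the running sshd. The script name `revprobe.py` and the function names are hypothetical, and it assumes `socket.gethostbyaddr` follows the same resolver configuration that sshd uses on the host.

```python
import socket
import sys
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as LookupTimeout


def time_reverse_lookup(addr, resolver=socket.gethostbyaddr, timeout=10.0):
    """Run one reverse lookup; return (status, hostname or None, seconds)."""
    pool = ThreadPoolExecutor(max_workers=1)
    start = time.monotonic()
    future = pool.submit(resolver, addr)
    try:
        status, name = "resolved", future.result(timeout=timeout)[0]
    except LookupTimeout:
        status, name = "timeout", None       # resolver still blocked; stop waiting
    except (socket.herror, socket.gaierror):
        status, name = "unresolved", None    # resolver answered: unknown host
    finally:
        pool.shutdown(wait=False)            # do not block on a hung lookup
    return status, name, time.monotonic() - start


def probe(addresses, resolver=socket.gethostbyaddr, timeout=10.0, slow_after=1.0):
    """Look up addresses in the given order and flag the slow ones."""
    results = []
    for addr in addresses:
        status, name, secs = time_reverse_lookup(addr, resolver, timeout)
        results.append({"addr": addr, "status": status, "name": name,
                        "seconds": secs, "slow": secs >= slow_after})
    return results


if __name__ == "__main__":
    # Addresses come from the command line; order matters for this test.
    if len(sys.argv) < 2:
        sys.exit("usage: revprobe.py ADDRESS [ADDRESS ...]")
    for r in probe(sys.argv[1:]):
        flag = "SLOW" if r["slow"] else "ok"
        print(f'{r["addr"]:<40} {r["status"]:<10} '
              f'{r["seconds"]:6.2f}s {flag} {r["name"] or "-"}')
```

Passing the resolvable address first, then the unresolvable one, then the resolvable one again shows whether the slowdown follows the address or persists after the first failed lookup.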

