
Re: Do I have an ssh problem?

Jonathan Underwood wrote:
On 11/09/2007, Les <hlhowell pacbell net> wrote:

I had the same problem on FC6.  I asked lots of questions and got lots of
advice leading to iptables in the firewall being part of the problem.
Finally I turned off the firewall, and things worked ok.  I am now
slowly going through the iptables and playing with combinations, to see
what in there is mucking up the transfers.  But it seems related to
several things affecting different bits of the process.
I can't isolate it well yet.

If you have a separate firewall isolating you from the net threats as I
do, then you can pretty safely turn off the machine's firewall and see if
it helps.

I have had problems with scp of large files between two boxes  each
behind a firewall - the scp would stall after a few kb (the machine
wouldn't crash though). Turns out that one of the firewalls was
somehow causing many packets to be out of the TCP window.

doing an

echo 1 > /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal

fixed that for me. To make it persistent across reboots you need to
add this line to /etc/sysctl.conf

net.netfilter.nf_conntrack_tcp_be_liberal = 1

Now I have to go read exactly what that is supposed to do.

Another thing you might want to turn off is tcp window scaling - read
about that here:


However, I would not have expected any of these things to cause a box to hang.

Now there I have never seen a problem, and I have boxen from RH8, RH9, FC1, FC[4567] running, all with advanced window scaling set to 5 (and on, obviously). In particular, my FC4 laptop may run wireless or plugged in, so speeds are quite different. I did transfer some DVD images FC7 to FC4 with no issue. What does it say that I find a 4GB xfer easier than walking up three flights of stairs and back?

I have transferred cpio data of ~1GB,
  find images -type f -mnewer lastsync | cpio -o -Hcrc |
  ssh foo "cd images && cpio -idm"
and that worked, all using large windows.

FWIW I also do NFS using 9k jumbo packets and GigE between FC1 and FC6, and I moved ~700GB doing that. That points away from a network volume issue in FC7. The NFS uses TCP not UDP for reasons not related to hanging.

Final thought, I use blowfish encryption, but a fail in ssh/sshd wouldn't stop a system in any case.

Bill Davidsen <davidsen tmr com>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
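
Added example, not part of the original posts: with nf_conntrack_tcp_be_liberal set to 1, conntrack marks only out-of-window RST segments as INVALID, so it is worth confirming that INVALID verdicts are really what stalls the transfer before relaxing the check. The sketch below sums the "invalid" column of /proc/net/stat/nf_conntrack (hex values, one row per CPU) across two snapshots; the sample snapshots are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Sum the "invalid" column of a /proc/net/stat/nf_conntrack table read from
# stdin. The column is located by header name; values are hex, one row per CPU.
conntrack_invalid_total() {
    total=0 col=0
    while read -r line; do
        if [ -z "$line" ]; then continue; fi
        set -- $line
        if [ "$col" -eq 0 ]; then                   # first row is the header
            i=1
            for name in "$@"; do
                if [ "$name" = "invalid" ]; then col=$i; fi
                i=$((i + 1))
            done
            if [ "$col" -eq 0 ]; then return 1; fi  # unexpected table layout
            continue
        fi
        if [ "$#" -lt "$col" ]; then continue; fi   # short row, skip it
        eval "hex=\${$col}"
        total=$((total + 0x$hex))
    done
    echo "$total"
}

# Packets flagged INVALID between two snapshots of the table ($1 then $2).
invalid_delta() {
    before=$(printf '%s\n' "$1" | conntrack_invalid_total) || return 1
    after=$(printf '%s\n' "$2" | conntrack_invalid_total) || return 1
    echo $((after - before))
}

# Live use on the firewall: sample twice, $1 seconds apart, while scp runs.
watch_invalid() {
    f=/proc/net/stat/nf_conntrack
    a=$(cat "$f") || return 1
    sleep "${1:-10}"
    invalid_delta "$a" "$(cat "$f")"
}

# Constructed sample snapshots (not captured from a real host), two CPUs each.
HDR='entries searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete search_restart'
BEFORE="$HDR
0000002f 00000000 00000000 00000000 0000000a 00000031 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0000002f 00000000 00000000 00000000 00000005 00000012 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000"
AFTER="$HDR
0000002f 00000000 00000000 00000000 0000012c 00000031 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0000002f 00000000 00000000 00000000 00000019 00000012 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000"

echo "INVALID verdicts during the constructed interval: $(invalid_delta "$BEFORE" "$AFTER")"
```

A delta that climbs while the scp is stalled and stays flat otherwise supports the out-of-window diagnosis; a flat counter points elsewhere.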
