ssh disconnect
I'm talking about actively logged in and working on something and it suddenly stops responding.
I'm running a CentOS 5 linode up to current patch level, and I'm using CentOS 5 up to current patch level at home.
Other hosting services - I don't seem to ever have that problem. Sure, they will time me out if the ssh session is idle too long, but with the linode - it will suddenly stop responding sometimes when I've been connected for less than a minute.
Is there anything in my configuration that could be causing this?
I have the ssh daemon running on port 1294.
I'm on Dallas103
I'm using Latest 2.6 Series kernel
Sometimes - I can be connected for long periods, no problems - but other times, it just cuts me out right away.
Thank you for any suggestions.
16 Replies
Also, if you're on a residential home internet connection, you could simply be losing connection at random times. The timeouts on the connection are probably lower than you're used to.
@FunkyRes:
I'm on cable modem - but it does not happen when I connect to other servers I have ssh access to, only my linode.
What about a SSH connection to the host? Do pings get through to your host and/or guest during these resets? Do you have a (mentally challenged) ISP who likes to reset connections if they stay open for too long?
@mwalling:
@FunkyRes:I'm on cable modem - but it does not happen when I connect to other servers I have ssh access to, only my linode.
What about a SSH connection to the host? Do pings get through to your host and/or guest during these resets? Do you have a (mentally challenged) ISP who likes to reset connections if they stay open for too long?
It can't be the ISP because it does not happen when I connect using the same computer and same OS and same SSH client over same connection to other hosts I have ssh access on.
When it disconnects, it is not a clean disconnect - the terminal window is essentially frozen, but I can connect from an different terminal window.
I am connecting to my static IP address, not using lish.
If this problem is unique to me, then it is clearly something between me and Dallas 103, but I don't see how it could be my ISP since ssh to other remote hosts does not have this problem.
@FunkyRes:
It can't be the ISP because it does not happen when I connect using the same computer and same OS and same SSH client over same connection to other hosts I have ssh access on.
Prove it.
@FunkyRes:I am connecting to my static IP address, not using lish.
Which would not show if it was a problem with your Linode's firewall or sshd, or if it was a routing problem between your machine and the host.
@FunkyRes:If this problem is unique to me, then it is clearly something between me and Dallas 103, but I don't see how it could be my ISP since ssh to other remote hosts does not have this problem.
ISPs are strange beasts… My old ISP would do one thing with packets destined for one part of the internet, but move that box to a totally different part of the internet, and that behavior is totally different. And yes, it was the ISP.
@mwalling:
@FunkyRes:It can't be the ISP because it does not happen when I connect using the same computer and same OS and same SSH client over same connection to other hosts I have ssh access on.
Prove it.
What exactly are you suggesting?
That I am lying about the ability to have a stable ssh connection with other hosts?
What possible motivation could I have for that? What kind of proof do you seek?
>
@FunkyRes:
I am connecting to my static IP address, not using lish.
Which would not show if it was a problem with your Linode's firewall or sshd, or if it was a routing problem between your machine and the host.
sshd on the host is CentOS 5.2 sshd, only configuration change is the port it runs on and IPv6 was disabled.
Firewall is configured via system-config-securitylevel-tui
SELinux disabled, all ports closed/filtered except 80,443,1294 - which I verified via remote nmap.
If you have a suggestion on locating where the issue is, I am definitely all ears.
The one thing I won't do is ssh into another host and then ssh into my linode - that could potentially demonstrate that the issue is between me and the linode but not between me and the other host or between the other host and the linode - but I really don't like to ssh into hosts from hosts I don't admin because you can't be completely sure the ssh daemon/client are genuine.
>
@FunkyRes:
If this problem is unique to me, then it is clearly something between me and Dallas 103, but I don't see how it could be my ISP since ssh to other remote hosts does not have this problem.
ISPs are strange beasts… My old ISP would do one thing with packets destined for one part of the internet, but move that box to a totally different part of the internet, and that behavior is totally different. And yes, it was the ISP.
I really doubt it is the ISP.
Likewise, give Lish a try. Not the browser-based ajax version, but the real SSH version -- preferably using the same SSH client you've been using. If Lish doesn't disconnect, then the problem is internal to your linode. Otherwise the problem is between you and dallas103.
Or you could clone your linode to Newark and see what happens. That way, you can be sure if the problem is between your ISP and dallas103. It costs only $19 to set up a new 360, and you get a prorated refund as soon as you terminate it, so it will cost you no more than a couple of dollars to try this method.
@FunkyRes:
The one thing I won't do is ssh into another host and then ssh into my linode - that could potentially demonstrate that the issue is between me and the linode but not between me and the other host or between the other host and the linode - but I really don't like to ssh into hosts from hosts I don't admin because you can't be completely sure the ssh daemon/client are genuine. Open 2 SSH connections, one to Lish, one to your Linode. If your Linode resets, and Lish is still active, then something is wrong with your Linode. If they booth go poof, then there is something wrong somewhere else.
As Dr. House likes to say, "Everybody lies."
traceroute to 72.14.177.39 (72.14.177.39), 30 hops max, 40 byte packets
1 10.219.192.1 (10.219.192.1) 13.492 ms 13.801 ms 15.803 ms
2 68-189-6-129.static.scrm.ca.charter.com (68.189.6.129) 16.900 ms 17.254 ms 19.825 ms
3 71-93-62-17.static.snlo.ca.charter.com (71.93.62.17) 28.880 ms 29.284 ms 29.646 ms
4 24-205-224-150.static.snlo.ca.charter.com (24.205.224.150) 30.672 ms 33.634 ms 34.267 ms
5 63.150.8.45 (63.150.8.45) 38.518 ms 38.858 ms 39.187 ms
6 svl-core-02.inet.qwest.net (205.171.14.150) 46.944 ms 33.100 ms 33.428 ms
7 snj-core-01.inet.qwest.net (67.14.34.14) 36.264 ms 35.384 ms 34.421 ms
8 sjp-brdr-01.inet.qwest.net (205.171.233.22) 35.465 ms 29.762 ms 34.251 ms
9 192.205.33.109 (192.205.33.109) 115.758 ms 115.120 ms 112.644 ms
10 tbr2.sffca.ip.att.net (12.123.12.29) 70.698 ms 68.637 ms 71.838 ms
11 cr2.sffca.ip.att.net (12.122.19.69) 72.500 ms 68.237 ms 72.354 ms
12 cr2.la2ca.ip.att.net (12.122.31.133) 72.358 ms 72.104 ms 71.929 ms
13 cr2.dlstx.ip.att.net (12.122.28.177) 73.097 ms 71.244 ms 68.925 ms
14 tbr2.dlstx.ip.att.net (12.122.18.206) 69.026 ms 64.816 ms 65.590 ms
15 gar10.dlstx.ip.att.net (12.122.100.101) 66.600 ms 69.746 ms 70.417 ms
16 12.87.41.150 (12.87.41.150) 113.247 ms 113.238 ms 109.964 ms
17 te7-2.dsr02.dllstx3.theplanet.com (70.87.253.26) 70.812 ms 73.015 ms 73.016 ms
18 te1-3.dsr02.dllstx2.theplanet.com (70.87.253.122) 70.070 ms 68.937 ms 76.fd.5746.static.theplanet.com (70.87.253.118) 64.156 ms
19 vl1.car02.dllstx2.theplanet.com (12.96.160.12) 70.262 ms vl2.car01.dllstx2.theplanet.com (12.96.160.43) 73.495 ms 64.164 ms
20 li34-39.members.linode.com (72.14.177.39) 64.106 ms !X 63.161 ms !X 63.700 ms !X
Here's the changes I made to sshd config
Port 22
Port 1294
ListenAddress 0.0.0.0
ListenAddress ::
PermitRootLogin no
I'll try the lish and ssh connections and see what happens.
It's not uncommon for me to have two connections anyway.
It just happened again while fetching the sshd config info - logged on for less than 30 seconds. Here's from /var/log/secure:
Oct 10 02:34:59 li34-4 sshd[16696]: reverse mapping checking getaddrinfo for ***.static.scrm.or.charter.com failed - POSSIBLE BREAK-IN ATTEMPT!
Oct 10 02:35:03 li34-4 sshd[16696]: Accepted password for *** from *** port 56866 ssh2
Oct 10 02:35:03 li34-4 sshd[16696]: pam_unix(sshd:session): session opened for user *** by (uid=0)
Oct 10 02:35:16 li34-4 su: pam_unix(su-l:session): session opened for user root by ***(uid=***)
Oct 10 02:38:26 li34-4 sshd[16732]: reverse mapping checking getaddrinfo for ***.static.scrm.or.charter.com failed - POSSIBLE BREAK-IN ATTEMPT!
Oct 10 02:38:29 li34-4 sshd[16732]: Accepted password for *** from *** port 50002 ssh2
Oct 10 02:38:29 li34-4 sshd[16732]: pam_unix(sshd:session): session opened for user *** by (uid=0)
Oct 10 02:38:41 li34-4 su: pam_unix(su-l:session): session opened for user root by ***(uid=***)
The first login was my login to fetch the info from sshdconfig - which hung quickly.
The second login was to read /var/log/secure to see if it had any messages - none. That second connection still has not hung.
*** are stuff I don't want public.
@atourino:
I guess what mwalling might be saying in his unusual manner is that since no one else seems to have your specific problem with ssh dropping connections, the burden of proof that it's Linode's fault falls on you.
I did not claim it was linode's fault.
In fact, I specifically asked if there was something in my configuration that could be causing this.
You might want to check if port 1294 is a known virus/spammer port (it could be ISP, maybe, but I doubt it as well.)
@FunkyRes:
sshd on the host is CentOS 5.2 sshd, only configuration change is the port it runs on and IPv6 was disabled.
Do those other hosts you have SSH access to also use non-standard ports for SSH? It would not surprise me in the least to find out that an ISP is monkeying with encrypted connections on ports which aren't used much. Plenty of ISP boneheads think any traffic they can't "identify" must be malicious so their "security" policy will block or drop those connections when the inspection system gets around to looking at them.
I'd suggest having your SSHd listen on port 22 for a few days and see if you still experience problems. If the problems go away, there are boneheads working at your ISP. If they don't go away, well, keep looking for a solution.
–James
So … my guess it is either a new problem with my ISP or a new problem with my home network (IE my router or cable modem getting a little old) - and the reason I noticed it when connecting to the linode because I've been connecting to linode most often past few days.