ssh disconnect

I really like the linode, but I have more ssh disconnects than I have ever had with any service.

I'm talking about actively logged in and working on something and it suddenly stops responding.

I'm running a CentOS 5 linode up to current patch level, and I'm using CentOS 5 up to current patch level at home.

Other hosting services - I don't seem to ever have that problem. Sure, they will time me out if the ssh session is idle too long, but with the linode - it will suddenly stop responding sometimes when I've been connected for less than a minute.

Is there anything in my configuration that could be causing this?

I have the ssh daemon running on port 1294.

I'm on Dallas103

I'm using Latest 2.6 Series kernel

Sometimes - I can be connected for long periods, no problems - but other times, it just cuts me out right away.

Thank you for any suggestions.

16 Replies

Are you on an unreliable internet connection of sorts? Wireless? I've seen similar problems with people with wireless connections that have disconnects a lot. Hell I see it with my iphone 3g sometimes.

Also, if you're on a residential home internet connection, you could simply be losing connection at random times. The timeouts on the connection are probably lower than you're used to.

I'm on cable modem - but it does not happen when I connect to other servers I have ssh access to, only my linode.

@FunkyRes:

I'm on cable modem - but it does not happen when I connect to other servers I have ssh access to, only my linode.
What about a SSH connection to the host? Do pings get through to your host and/or guest during these resets? Do you have a (mentally challenged) ISP who likes to reset connections if they stay open for too long?

@mwalling:

@FunkyRes:

I'm on cable modem - but it does not happen when I connect to other servers I have ssh access to, only my linode.
What about a SSH connection to the host? Do pings get through to your host and/or guest during these resets? Do you have a (mentally challenged) ISP who likes to reset connections if they stay open for too long?

It can't be the ISP because it does not happen when I connect using the same computer and same OS and same SSH client over same connection to other hosts I have ssh access on.

When it disconnects, it is not a clean disconnect - the terminal window is essentially frozen, but I can connect from an different terminal window.

I am connecting to my static IP address, not using lish.

If this problem is unique to me, then it is clearly something between me and Dallas 103, but I don't see how it could be my ISP since ssh to other remote hosts does not have this problem.

@FunkyRes:

It can't be the ISP because it does not happen when I connect using the same computer and same OS and same SSH client over same connection to other hosts I have ssh access on.
Prove it.
@FunkyRes:

I am connecting to my static IP address, not using lish.
Which would not show if it was a problem with your Linode's firewall or sshd, or if it was a routing problem between your machine and the host.
@FunkyRes:

If this problem is unique to me, then it is clearly something between me and Dallas 103, but I don't see how it could be my ISP since ssh to other remote hosts does not have this problem.
ISPs are strange beasts… My old ISP would do one thing with packets destined for one part of the internet, but move that box to a totally different part of the internet, and that behavior is totally different. And yes, it was the ISP.

@mwalling:

@FunkyRes:

It can't be the ISP because it does not happen when I connect using the same computer and same OS and same SSH client over same connection to other hosts I have ssh access on.
Prove it.

What exactly are you suggesting?

That I am lying about the ability to have a stable ssh connection with other hosts?

What possible motivation could I have for that? What kind of proof do you seek?

> @FunkyRes:

I am connecting to my static IP address, not using lish.
Which would not show if it was a problem with your Linode's firewall or sshd, or if it was a routing problem between your machine and the host.

sshd on the host is CentOS 5.2 sshd, only configuration change is the port it runs on and IPv6 was disabled.

Firewall is configured via system-config-securitylevel-tui

SELinux disabled, all ports closed/filtered except 80,443,1294 - which I verified via remote nmap.

If you have a suggestion on locating where the issue is, I am definitely all ears.

The one thing I won't do is ssh into another host and then ssh into my linode - that could potentially demonstrate that the issue is between me and the linode but not between me and the other host or between the other host and the linode - but I really don't like to ssh into hosts from hosts I don't admin because you can't be completely sure the ssh daemon/client are genuine.

> @FunkyRes:

If this problem is unique to me, then it is clearly something between me and Dallas 103, but I don't see how it could be my ISP since ssh to other remote hosts does not have this problem.
ISPs are strange beasts… My old ISP would do one thing with packets destined for one part of the internet, but move that box to a totally different part of the internet, and that behavior is totally different. And yes, it was the ISP.

I really doubt it is the ISP.

I don't think anybody thinks you're lying… But there are ways to "prove" if the problem is with your ISP or not. Try connecting from a different location, such as your workplace or school. If you still get disconnected, it's probably not your ISP (provided that your workplace or school doesn't use the same cable company you use, which is unlikely).

Likewise, give Lish a try. Not the browser-based ajax version, but the real SSH version -- preferably using the same SSH client you've been using. If Lish doesn't disconnect, then the problem is internal to your linode. Otherwise the problem is between you and dallas103.

Or you could clone your linode to Newark and see what happens. That way, you can be sure if the problem is between your ISP and dallas103. It costs only $19 to set up a new 360, and you get a prorated refund as soon as you terminate it, so it will cost you no more than a couple of dollars to try this method.

@FunkyRes:

The one thing I won't do is ssh into another host and then ssh into my linode - that could potentially demonstrate that the issue is between me and the linode but not between me and the other host or between the other host and the linode - but I really don't like to ssh into hosts from hosts I don't admin because you can't be completely sure the ssh daemon/client are genuine. Open 2 SSH connections, one to Lish, one to your Linode. If your Linode resets, and Lish is still active, then something is wrong with your Linode. If they booth go poof, then there is something wrong somewhere else.

As Dr. House likes to say, "Everybody lies."

I guess what mwalling might be saying in his unusual manner is that since no one else seems to have your specific problem with ssh dropping connections, the burden of proof that it's Linode's fault falls on you.

s/unusual/usual/, but I appreciate the compliment. :)

Here's a traceroute -

traceroute to 72.14.177.39 (72.14.177.39), 30 hops max, 40 byte packets
 1  10.219.192.1 (10.219.192.1)  13.492 ms  13.801 ms  15.803 ms
 2  68-189-6-129.static.scrm.ca.charter.com (68.189.6.129)  16.900 ms  17.254 ms  19.825 ms
 3  71-93-62-17.static.snlo.ca.charter.com (71.93.62.17)  28.880 ms  29.284 ms  29.646 ms
 4  24-205-224-150.static.snlo.ca.charter.com (24.205.224.150)  30.672 ms  33.634 ms  34.267 ms
 5  63.150.8.45 (63.150.8.45)  38.518 ms  38.858 ms  39.187 ms
 6  svl-core-02.inet.qwest.net (205.171.14.150)  46.944 ms  33.100 ms  33.428 ms
 7  snj-core-01.inet.qwest.net (67.14.34.14)  36.264 ms  35.384 ms  34.421 ms
 8  sjp-brdr-01.inet.qwest.net (205.171.233.22)  35.465 ms  29.762 ms  34.251 ms
 9  192.205.33.109 (192.205.33.109)  115.758 ms  115.120 ms  112.644 ms
10  tbr2.sffca.ip.att.net (12.123.12.29)  70.698 ms  68.637 ms  71.838 ms
11  cr2.sffca.ip.att.net (12.122.19.69)  72.500 ms  68.237 ms  72.354 ms
12  cr2.la2ca.ip.att.net (12.122.31.133)  72.358 ms  72.104 ms  71.929 ms
13  cr2.dlstx.ip.att.net (12.122.28.177)  73.097 ms  71.244 ms  68.925 ms
14  tbr2.dlstx.ip.att.net (12.122.18.206)  69.026 ms  64.816 ms  65.590 ms
15  gar10.dlstx.ip.att.net (12.122.100.101)  66.600 ms  69.746 ms  70.417 ms
16  12.87.41.150 (12.87.41.150)  113.247 ms  113.238 ms  109.964 ms
17  te7-2.dsr02.dllstx3.theplanet.com (70.87.253.26)  70.812 ms  73.015 ms  73.016 ms
18  te1-3.dsr02.dllstx2.theplanet.com (70.87.253.122)  70.070 ms  68.937 ms 76.fd.5746.static.theplanet.com (70.87.253.118)  64.156 ms
19  vl1.car02.dllstx2.theplanet.com (12.96.160.12)  70.262 ms vl2.car01.dllstx2.theplanet.com (12.96.160.43)  73.495 ms  64.164 ms
20  li34-39.members.linode.com (72.14.177.39)  64.106 ms !X  63.161 ms !X  63.700 ms !X

Here's the changes I made to sshd config

Port 22

Port 1294

ListenAddress 0.0.0.0

ListenAddress ::

PermitRootLogin no

I'll try the lish and ssh connections and see what happens.

It's not uncommon for me to have two connections anyway.

It just happened again while fetching the sshd config info - logged on for less than 30 seconds. Here's from /var/log/secure:

Oct 10 02:34:59 li34-4 sshd[16696]: reverse mapping checking getaddrinfo for ***.static.scrm.or.charter.com failed - POSSIBLE BREAK-IN ATTEMPT!
Oct 10 02:35:03 li34-4 sshd[16696]: Accepted password for *** from *** port 56866 ssh2
Oct 10 02:35:03 li34-4 sshd[16696]: pam_unix(sshd:session): session opened for user *** by (uid=0)
Oct 10 02:35:16 li34-4 su: pam_unix(su-l:session): session opened for user root by ***(uid=***)
Oct 10 02:38:26 li34-4 sshd[16732]: reverse mapping checking getaddrinfo for ***.static.scrm.or.charter.com failed - POSSIBLE BREAK-IN ATTEMPT!
Oct 10 02:38:29 li34-4 sshd[16732]: Accepted password for *** from *** port 50002 ssh2
Oct 10 02:38:29 li34-4 sshd[16732]: pam_unix(sshd:session): session opened for user *** by (uid=0)
Oct 10 02:38:41 li34-4 su: pam_unix(su-l:session): session opened for user root by ***(uid=***)

The first login was my login to fetch the info from sshdconfig - which hung quickly.

The second login was to read /var/log/secure to see if it had any messages - none. That second connection still has not hung.

*** are stuff I don't want public.

@atourino:

I guess what mwalling might be saying in his unusual manner is that since no one else seems to have your specific problem with ssh dropping connections, the burden of proof that it's Linode's fault falls on you.

I did not claim it was linode's fault.

In fact, I specifically asked if there was something in my configuration that could be causing this.

Try directly binding sshd to your static ip address.

You might want to check if port 1294 is a known virus/spammer port (it could be ISP, maybe, but I doubt it as well.)

@FunkyRes:

sshd on the host is CentOS 5.2 sshd, only configuration change is the port it runs on and IPv6 was disabled.

Do those other hosts you have SSH access to also use non-standard ports for SSH? It would not surprise me in the least to find out that an ISP is monkeying with encrypted connections on ports which aren't used much. Plenty of ISP boneheads think any traffic they can't "identify" must be malicious so their "security" policy will block or drop those connections when the inspection system gets around to looking at them.

I'd suggest having your SSHd listen on port 22 for a few days and see if you still experience problems. If the problems go away, there are boneheads working at your ISP. If they don't go away, well, keep looking for a solution.

–James

It just happened with another host.

So … my guess it is either a new problem with my ISP or a new problem with my home network (IE my router or cable modem getting a little old) - and the reason I noticed it when connecting to the linode because I've been connecting to linode most often past few days.

It's time for you to run some traces, don't think you'll need to run ssldump since you're only looking for disconnects.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct