[gentoo-user] SSH sessions hanging in VPN

[gentoo-user] SSH sessions hanging in VPN

[Alan McKinnon]

Hi all,

Not really directly related to Gentoo except that the workstation where it 
happens is a Gentoo machine :-)

Our VPN at work is a Juniper Secure Connect. I tend to have many konsole tabs 
running ssh at one time, as well as IMAP connections to Exchange and several 
browsers tabs to intranet sites. Occasionally, and apparently triggered 
randomly[1], all existing ssh sessions freeze and never come back (even after 
several hours). The connections are still up and do not die on the remote end. 
Mail connections stay up and the browser tabs continue to work as well[2].

I know the ssh sessions are alive on the other end as I can immediately log in 
in another konsole tab and that works just fine. Even after several hours the 
first sshd process does not timeout (timeouts are enabled). So it would seem 
that it's the return path going tits up. My next step is going to be running a 
trace and tcpdump on one of those existing session next time it happens.

Meanwhile, and this is my real question, how would I go about sensibly 
debugging this in a methodical manner? I'm going to have to get my security 
guys and routing guys to investigate but they will need real information to 
work with. Everything I can think of just reduces to throwing brown smelly 
stuff at the wall and hoping some of it sticks.



[1] By randomly I mean sometimes 4 times a day, sometimes nothing for several 
days. I have not seen a correlation to anything I'm doing that might trigger 
it.
[2] This is expected as HTTP is sessionless.

-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] SSH sessions hanging in VPN

[Neil Walker]

On 19/03/10 20:38, Alan McKinnon wrote:
> Occasionally, and apparently triggered 
> randomly[1], all existing ssh sessions freeze and never come back (even after 
> several hours). The connections are still up and do not die on the remote end. 
> Mail connections stay up and the browser tabs continue to work as well[2].
>   

It's probably totally unrelated but I have just been having problems
with one of
my servers since the openssh update a few days ago. SSH sessions were dieing
after a few minutes even when I was actively using them. I tried
everything I
could think of but couldn't trace the problem. In the end, emerge -C openssh
followed by emerge openssh cured it. <shrugs>


Be lucky,

Neil
http://www.neiljw.com


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: [gentoo-user] SSH sessions hanging in VPN

[Alan McKinnon]

On Saturday 20 March 2010 00:21:53 Neil Walker wrote:
> On 19/03/10 20:38, Alan McKinnon wrote:
> > Occasionally, and apparently triggered
> > randomly[1], all existing ssh sessions freeze and never come back (even
> > after several hours). The connections are still up and do not die on the
> > remote end. Mail connections stay up and the browser tabs continue to
> > work as well[2].
> 
> It's probably totally unrelated but I have just been having problems
> with one of
> my servers since the openssh update a few days ago. SSH sessions were
> dieing after a few minutes even when I was actively using them. I tried
> everything I
> could think of but couldn't trace the problem. In the end, emerge -C
> openssh followed by emerge openssh cured it. <shrugs>


I don't think you'r ebeing fair to yourself using that word "unrelated" ;-)

I've been on openssh-5.4 for about a fortnight now and I can't remember my 
problem happening before that. So you might be onto something.

I'm unmerging and remerging openssh right now, then I'll do some tests over 
the weekend and into next week. Who knows, maybe I get lucky too!


-- 
alan dot mckinnon at gmail dot com

[gentoo-user] Re: SSH sessions hanging in VPN

[walt]

On 03/19/2010 04:06 PM, Alan McKinnon wrote:

> I've been on openssh-5.4 for about a fortnight now...

I recall some quip from my school days about units always appearing in
technical journals in the most universal format, e.g. furlongs/fortnight.