On Feb 22, 2005, at 22:57, Jim Freeze wrote:

* Chad Leigh -- Shire.Net LLC <[EMAIL PROTECTED]> [2005-02-22 22:58:17 -0700]:

Just for giggles, what happens when you try a different encryption
method with the ssl client?  For example,  -c blowfish

Ok, so I tried this, but it still locks up. However, I was able to do <RETURN>~C to get a command line and <RETURN>~^Z to background the ssh terminal, but I was never able to re-activate it.

I did manage to log the IP activity through tcpdump, and I discovered
that after the 'lock up', there are no IP messages originating
from the remote machine. Also, the IP blocks are of type FP,
whatever that is. (Hmm, maybe I need to clear out the known hosts
on the remote machine.)

An abbreviated version is below.
The full log file is at:

  http://www.freeze.org/tcpdump3b.log

00:22:59.999439 IP localhost.53245 > remotemachine.com.ssh: S 611378943:611378943(0) win 65535 <mss 1360,nop,wscale 0,nop,nop,timestamp 1996513030 0>
00:23:00.053942 IP remotemachine.com.ssh > localhost.53245: S 77400915:77400915(0) ack 611378944 win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 1100668230 1996513030>
00:23:00.054039 IP localhost.53245 > remotemachine.com.ssh: . ack 1 win 65535 <nop,nop,timestamp 1996513030 1100668230>
00:23:00.331844 IP remotemachine.com.ssh > localhost.53245: P 1:24(23) ack 1 win 57964 <nop,nop,timestamp 1100668258 1996513030>
00:23:04.922358 IP localhost.53245 > remotemachine.com.ssh: . ack 3512 win 65535 <nop,nop,timestamp 1996513040 1100668711>
# Long break - remote terminal stops responding but data is still flowing as you can see.
# <RETURN>
00:34:05.662885 IP localhost.53245 > remotemachine.com.ssh: P 1519:1559(40) ack 3512 win 65535 <nop,nop,timestamp 1996514361 1100668711>
00:34:07.284836 IP localhost.53245 > remotemachine.com.ssh: P 1519:1559(40) ack 3512 win 65535 <nop,nop,timestamp 1996514364 1100668711>
00:34:09.285235 IP localhost.53245 > remotemachine.com.ssh: P 1519:1559(40) ack 3512 win 65535 <nop,nop,timestamp 1996514368 1100668711>
00:34:43.290382 IP localhost.53240 > remotemachine.com.ssh: FP 0:48(48) ack 1 win 65535 <nop,nop,timestamp 1996514436 1100663377>
# <RETURN>~?
00:35:09.294870 IP localhost.53245 > remotemachine.com.ssh: P 1519:1719(200) ack 3512 win 65535 <nop,nop,timestamp 1996514488 1100668711>
00:37:17.308387 IP localhost.53245 > remotemachine.com.ssh: FP 1519:2655(1136) ack 3512 win 65535 <nop,nop,timestamp 1996514744 1100668711>
#Closed terminal



The localhost is trying to send the 40 bytes in its buffer. It is not receiving an ACK from remotemachine so it retries until it eventually gives up. The F flag is localhost issuing a FIN to remotemachine to drop the TCP connection. It tries a couple times and then likewise gives up. I would recommend a ktrace on the server to see if it yields any additional information. My guess is that the sshd process has died. syslog might not be set to catch the error it may be generating. ktrace will show all the syslog calls.


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
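The retransmission pattern described in the reply above can be picked out of tcpdump text output mechanically. This is an added example, not part of the original thread: the names `parse` and `stalled_flows` are hypothetical, and the sample lines are taken from the abbreviated capture quoted above with the TCP options trimmed.

```python
import re
from collections import defaultdict

# Lines from the abbreviated capture in the thread (TCP options trimmed).
SAMPLE = """\
00:23:00.331844 IP remotemachine.com.ssh > localhost.53245: P 1:24(23) ack 1 win 57964
00:23:04.922358 IP localhost.53245 > remotemachine.com.ssh: . ack 3512 win 65535
00:34:05.662885 IP localhost.53245 > remotemachine.com.ssh: P 1519:1559(40) ack 3512 win 65535
00:34:07.284836 IP localhost.53245 > remotemachine.com.ssh: P 1519:1559(40) ack 3512 win 65535
00:34:09.285235 IP localhost.53245 > remotemachine.com.ssh: P 1519:1559(40) ack 3512 win 65535
00:35:09.294870 IP localhost.53245 > remotemachine.com.ssh: P 1519:1719(200) ack 3512 win 65535
00:37:17.308387 IP localhost.53245 > remotemachine.com.ssh: FP 1519:2655(1136) ack 3512 win 65535
"""

# Old-style tcpdump text: "<ts> IP <src> > <dst>: <flags> [first:last(len)] [ack N] ..."
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPRWE.]+)"
    r"(?: (?P<start>\d+):(?P<end>\d+)\(\d+\))?(?: ack (?P<ack>\d+))?")

def parse(text):
    """Yield one dict per line that matches the tcpdump text format above."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()

def stalled_flows(text):
    """Return {(src, dst): report} for flows resending data the peer never ACKed."""
    highest_ack = defaultdict(int)  # (sender of the ACK, its peer) -> highest ack seen
    starts = defaultdict(list)      # (src, dst) -> first seq of every data segment
    fin = set()                     # flows on which a FIN was sent
    for p in parse(text):
        flow = (p["src"], p["dst"])
        if p["ack"]:
            highest_ack[flow] = max(highest_ack[flow], int(p["ack"]))
        if p["start"] and int(p["end"]) > int(p["start"]):  # skip zero-length SYN/FIN
            starts[flow].append(int(p["start"]))
        if "F" in p["flags"]:
            fin.add(flow)
    report = {}
    for flow, seqs in starts.items():
        peer_ack = highest_ack[(flow[1], flow[0])]  # what the other side acknowledged
        # A start seq sent more than once, at or past the peer's ack, was never ACKed.
        resent = [s for s in set(seqs) if seqs.count(s) > 1 and s >= peer_ack]
        if resent:
            first = min(resent)
            report[flow] = {"seq": first, "sends": seqs.count(first),
                            "peer_ack": peer_ack, "fin_sent": flow in fin}
    return report

if __name__ == "__main__":
    for flow, info in stalled_flows(SAMPLE).items():
        print(flow, info)
```

Because the capture in the message is abbreviated, the last acknowledgement visible from the remote side is `ack 1`; run against the full log, `peer_ack` would show how far the server actually got before it went silent.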
