Re: Ultra 5 SSH/Ethernet Lockup
On Tue, 15 Apr 2003 17:33:11 -0400 Tom Vier [EMAIL PROTECTED] wrote: On Tue, Apr 15, 2003 at 06:50:24AM +0100, Francis Devereux wrote: ssh needs a source of randomness to operate (/dev/random), which in turn needs a pool of entropy which is fed from things like the keyboard interrupt. Your lockups could be caused by sshd stalling because the entropy pool is empty - can you try the following: are you sure it uses /dev/random? except for key generation, it should use/dev/urandom. No, I'm not sure. If it is using /dev/urandom then the lockups can't be being caused by the entropy pool becoming empty, because /dev/urandom won't block in this case like /dev/random would, right? Francis
Re: Ultra 5 SSH/Ethernet Lockup
On Wed, Apr 16, 2003 at 08:14:49AM +0100, Francis Devereux wrote: On Tue, 15 Apr 2003 17:33:11 -0400 Tom Vier [EMAIL PROTECTED] wrote: On Tue, Apr 15, 2003 at 06:50:24AM +0100, Francis Devereux wrote: ssh needs a source of randomness to operate (/dev/random), which in turn needs a pool of entropy which is fed from things like the keyboard interrupt. Your lockups could be caused by sshd stalling because the entropy pool is empty - can you try the following: are you sure it uses /dev/random? except for key generation, it should use/dev/urandom. No, I'm not sure. If it is using /dev/urandom then the lockups can't be being caused by the entropy pool becoming empty, because /dev/urandom won't block in this case like /dev/random would, right? Look, I have a U5 with nothing running except ssh so I can login and do kernel builds. It has never locked up like this. Since the only difference between your U5 and mine is that your physical hardware is not mine (meaning maybe you have memory errors, or cpu/fpu is too hot and is producing problems) and you are behind a firewire, I'd go with one of those problems. -- Debian - http://www.debian.org/ Linux 1394 - http://www.linux1394.org/ Subversion - http://subversion.tigris.org/ Deqo - http://www.deqo.com/
Re: Ultra 5 SSH/Ethernet Lockup
Francis Devereux [EMAIL PROTECTED] writes: No, I'm not sure. If it is using /dev/urandom then the lockups can't be being caused by the entropy pool becoming empty, because /dev/urandom won't block in this case like /dev/random would, right? The symptoms didn't look consistent with ssh not getting entropy anyway. For what it's worth, it uses /dev/urandom (via the openssl library). $ strings /usr/lib/v9/libcrypto.so.0.9.6 | egrep /dev/u?random /dev/urandom $ It would also be clear from strace.
Re: Ultra 5 SSH/Ethernet Lockup
Since the only difference between your U5 and mine is that your physical hardware is not mine (meaning maybe you have memory errors, or cpu/fpu is too hot and is producing problems) and you are behind a firewire, I'd go with one of those problems. Of course I means a firewall. -- Debian - http://www.debian.org/ Linux 1394 - http://www.linux1394.org/ Subversion - http://subversion.tigris.org/ Deqo - http://www.deqo.com/
Re: Ultra 5 SSH/Ethernet Lockup
Have you checked the duplex settings on the card? I saw similar things with my Ultra 5's connecting to Cisco switches because autonegotiation wasn't working properly, and the U5's were setting themselves to half-duplex. If I pushed enough traffic across the line when the duplexes didn't match, they'd lock up. I don't know if it's a problem with just the build-in ethernet or with U5's in general. If you've got the ethtool package installed (apt-get install ethtool), try running ethtool eth0 and check to see if everything looks right. I had to use ethtool to turn off autonegotiation and force full duplex at boot. Kristjan Onu wrote: Also for what it's worth, I haven't seen such problems into a U5, either with the Woody libssl or later 0.9.6 ones with v9 optimization. I'm glad to hear others are successfully using U5s. I'm leaning toward saying there's a hardware problem, but it must not be with the network card since I've tried the built-in network card as well as a 3Com. Can anyone suggest where else to look? (I think I've heard compiling a kernel is a good way to test memory.) Any log files that might point to faulty hardware? One point I forgot to mention in my original post is that connecting from the server back to itself (ie. ssh localhost) seems to work without fail. I mentioned my problem in an OpenSSH bug report (http://bugzilla.mindrot.org/show_bug.cgi?id=538), and one person asked if my server uses ssh-rand-helper. I don't know if Debian does or not, could one of you please tell me.
Re: Ultra 5 SSH/Ethernet Lockup
On Tue, 15 Apr 2003 00:46:37 + (UTC) Kristjan Onu [EMAIL PROTECTED] wrote: Also for what it's worth, I haven't seen such problems into a U5, either with the Woody libssl or later 0.9.6 ones with v9 optimization. I'm glad to hear others are successfully using U5s. I'm leaning toward saying there's a hardware problem, but it must not be with the network card since I've tried the built-in network card as well as a 3Com. Can anyone suggest where else to look? (I think I've heard compiling a kernel is a good way to test memory.) Any log files that might point to faulty hardware? One point I forgot to mention in my original post is that connecting from the server back to itself (ie. ssh localhost) seems to work without fail. ssh needs a source of randomness to operate (/dev/random), which in turn needs a pool of entropy which is fed from things like the keyboard interrupt. Your lockups could be caused by sshd stalling because the entropy pool is empty - can you try the following: 1) ssh to the U5 remotely 2) use the ssh connection until it locks up 3) go over and press some keys on the U5's keyboard and see if the hang is (temporarily) resolved. If so you could try allowing entropy to be gathered from more sources, I can't remember how to do this but googling should give you the answer... Francis
Re: Ultra 5 SSH/Ethernet Lockup
fwiw, i haven't had any lockups, but ssh'ing from my 270mhz ultra5, it takes much longer for the passwd prompt to appear than it does from even an old 166mhz pentium. Same here, my Debian Ultra 60 has the slowest ssh-login on all the machines I can login to. I've had a look at the logfiles and made a verbose login but couldn't find anything. But the thing about not enough entropy is an interesting thought. The installation is very much stripped down with only the most necessary things running. No X, no mouse, no unnecessary daemons... Got to dig a bit deeper into that. Arthur
Re: Ultra 5 SSH/Ethernet Lockup
On Tue, Apr 15, 2003 at 06:50:24AM +0100, Francis Devereux wrote: ssh needs a source of randomness to operate (/dev/random), which in turn needs a pool of entropy which is fed from things like the keyboard interrupt. Your lockups could be caused by sshd stalling because the entropy pool is empty - can you try the following: are you sure it uses /dev/random? except for key generation, it should use /dev/urandom. -- Tom Vier [EMAIL PROTECTED] DSA Key ID 0xE6CB97DA
Re: Ultra 5 SSH/Ethernet Lockup
Ben Collins [EMAIL PROTECTED] writes: You need the v8/v9 optimized libssl. They are in unstable, or check this list's archives for pre-built ones for woody. For what it's worth, it's in testing and just requires a libc upgrade to install. (If you install unofficial debs, check that they're up-to-date, with security holes fixed.)
Re: Ultra 5 SSH/Ethernet Lockup
Kristjan Onu [EMAIL PROTECTED] writes: I'm glad to hear others are successfully using U5s. Not conclusive of anything, of course. I mentioned my problem in an OpenSSH bug report (http://bugzilla.mindrot.org/show_bug.cgi?id=538), and one person asked if my server uses ssh-rand-helper. I don't know if Debian does or not, could one of you please tell me. It doesn't, since Linux has /dev/urandom. This is the Kerberized version, but the vanilla one should be the same: $ dpkg -L ssh-krb5|grep rand-help $
Re: Ultra 5 SSH/Ethernet Lockup
fwiw, i haven't had any lockups, but ssh'ing from my 270mhz ultra5, it takes much longer for the passwd prompt to appear than it does from even an old 166mhz pentium. -- Tom Vier [EMAIL PROTECTED] DSA Key ID 0xE6CB97DA
Re: Ultra 5 SSH/Ethernet Lockup
Kristjan Onu [EMAIL PROTECTED] writes: With my Woody installation, the directories you mention did not exist. Installing libssl0.9.7 (and ssh 3.6.1p1-1) did put files into /usr/lib/v9. Moving them out of the way as you suggest seems to help at least a little, For what it's worth, the major effect of removing the v9 libraries is probably to slow down certain crypto operations significantly, so perhaps that affects some timing issue somewhere. Also for what it's worth, I haven't seen such problems into a U5, either with the Woody libssl or later 0.9.6 ones with v9 optimization.
Re: Ultra 5 SSH/Ethernet Lockup
On Mon, Apr 14, 2003 at 05:32:48PM -0400, Tom Vier wrote: fwiw, i haven't had any lockups, but ssh'ing from my 270mhz ultra5, it takes much longer for the passwd prompt to appear than it does from even an old 166mhz pentium. You need the v8/v9 optimized libssl. They are in unstable, or check this list's archives for pre-built ones for woody. -- Debian - http://www.debian.org/ Linux 1394 - http://www.linux1394.org/ Subversion - http://subversion.tigris.org/ Deqo - http://www.deqo.com/
Re: Ultra 5 SSH/Ethernet Lockup
Also for what it's worth, I haven't seen such problems into a U5, either with the Woody libssl or later 0.9.6 ones with v9 optimization. I'm glad to hear others are successfully using U5s. I'm leaning toward saying there's a hardware problem, but it must not be with the network card since I've tried the built-in network card as well as a 3Com. Can anyone suggest where else to look? (I think I've heard compiling a kernel is a good way to test memory.) Any log files that might point to faulty hardware? One point I forgot to mention in my original post is that connecting from the server back to itself (ie. ssh localhost) seems to work without fail. I mentioned my problem in an OpenSSH bug report (http://bugzilla.mindrot.org/show_bug.cgi?id=538), and one person asked if my server uses ssh-rand-helper. I don't know if Debian does or not, could one of you please tell me.
Re: Ultra 5 SSH/Ethernet Lockup
It looks to me like you are ssh'ing from behind a firewall (using ipv4) that has a very short timeout for tcp connections. does this happen between local machines as well??? If this is the case than it is not related to which ethernet card you use or which protocol... but just to the firewall setup. Fabio On Sun, 13 Apr 2003, Kristjan Onu wrote: I have Woody installed on an Ultra 5. Frequently SSH sessions to this machine seem to lockup. Specifically, I have observed the following: SSH connections to the U5 box using SSH Protocol 2 almost always fail before the key exchange can complete. With SSH Protocol 1 I can login and work for a few minutes, but the connection still freezes after a little while. Using a 3Com NIC rather than the built-in NIC, the problem does not go away. I tried to connect to my network using a different network jack, but the problem persisted. Although one SSH session may freeze, I can successfully open new SSH sessions (ie. without having to reboot.) As best I can tell, no error messages are produced in the log files when the SSH session freezes. Using kernel-image-2.2.20-sun4u instead of kernel-image-2.4.19-sun4u does not seem to help. I would be grateful if anyone could tell me what might be the source of my problems. Thank you, Kristjan Onu -- Our mission: make IPv6 the default IP protocol We are on a mission from God - Elwood Blues http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp4.html
Re: Ultra 5 SSH/Ethernet Lockup
On Sun, Apr 13, 2003 at 07:36:31AM +, Kristjan Onu wrote: I have Woody installed on an Ultra 5. Frequently SSH sessions to this machine seem to lockup. Specifically, I have observed the following: I would blame ssh or libssl. You can also try disabling the v9 optimized ssl libraries by moving /lib/v9 and /usr/lib/v9 out of the way to some temporary place (libssl has v9 optimized libs), then rerun ldconfig and restart sshd. -- Debian - http://www.debian.org/ Linux 1394 - http://www.linux1394.org/ Subversion - http://subversion.tigris.org/ Deqo - http://www.deqo.com/
