Re: ssh tunnel delay
Hi, Can you launch the tunnel in verbose (-vvv) mode and send the logs? ssh -vvv -o ExitOnForwardFailure=yes -fN -L1110:localhost:1212 server Thank you Regards -- Juan Sierra Pons j...@elsotanillo.net Linux User Registered: #257202 http://www.elsotanillo.net GPG key = 0xA110F4FE Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE -- 2013/9/10 Sean Alexandre s...@alexan.org I'm seeing a delay when I attempt a connection through an ssh tunnel. The connection's fast without the tunnel, but has an inital 80 second delay with it. Here's the case that works, without the tunnel. I see lines I type echoed immediately: server nc -l -p 1212 client nc server 1212 But if instead I do this, the first line isn't seen for about 80 seconds. After that, everything's fine and lines appear immediately: server nc -l -p 1212 client ssh -o ExitOnForwardFailure=yes -fN -L1110:localhost:1212 server client nc localhost 1110 I can ssh to the server fine, with no delay. Any ideas why the tunnel has the delay? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130910101005.GA13051@tuzo
Re: ssh tunnel delay
On Tue, Sep 10, 2013 at 12:25:59PM +0200, Juan Sierra Pons wrote: Can you launch the tunnel in verbose (-vvv) mode and send the logs? ssh -vvv -o ExitOnForwardFailure=yes -fN -L1110:localhost:1212 server Here's what I'm seeing with -vvv: http://paste.debian.net/37873/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130910104403.GA13329@tuzo
Re: ssh tunnel delay
Hi, I don't see anything strange in the logs provided. Do you see anything strange in your dmesg, /var/log/daemon.log, etc? Is the DNS on the server's side working properly? Sometimes when the reverse DNS is not properly configure some TCP based services get some delay on first connection: ssh, mysql, etc Can a network issue be discarded. Please check with mtr: mtr remote server Not a solution but a very tiny improvement , launch the tunnel with the -C (compression) parameter. Best Regards -- Juan Sierra Pons j...@elsotanillo.net Linux User Registered: #257202 http://www.elsotanillo.net GPG key = 0xA110F4FE Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE -- 2013/9/10 Sean Alexandre s...@alexan.org On Tue, Sep 10, 2013 at 12:25:59PM +0200, Juan Sierra Pons wrote: Can you launch the tunnel in verbose (-vvv) mode and send the logs? ssh -vvv -o ExitOnForwardFailure=yes -fN -L1110:localhost:1212 server Here's what I'm seeing with -vvv: http://paste.debian.net/37873/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130910104403.GA13329@tuzo
Re: ssh tunnel delay
On Tue, Sep 10, 2013 at 01:11:17PM +0200, Juan Sierra Pons wrote: Hi, I don't see anything strange in the logs provided. Do you see anything strange in your dmesg, /var/log/daemon.log, etc? Is the DNS on the server's side working properly? Sometimes when the reverse DNS is not properly configure some TCP based services get some delay on first connection: ssh, mysql, etc Can a network issue be discarded. Please check with mtr: mtr remote server Not a solution but a very tiny improvement , launch the tunnel with the -C (compression) parameter. Thanks for looking at this. The other things you list look fine. I did notice something else with the log, though. Below I type the line hello. Then there's the 80 second delay. And then there's the log messages after the hello: debug1: Entering interactive session. client nc localhost 1110 hello debug1: Connection to port 1110 forwarding to localhost port 1212 requested. debug2: fd 6 setting TCP_NODELAY debug2: fd 6 setting O_NONBLOCK debug3: fd 6 is O_NONBLOCK debug1: channel 2: new [direct-tcpip] debug2: channel 2: open confirm rwindow 2097152 rmax 32768 I think the delay no longer happens, with subsequent lines, because TCP_NODELAY and O_NONBLOCK get set. I wonder if there's a way to configure things to set those from the start? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130910120513.GA14348@tuzo
Re: ssh tunnel delay
-- Juan Sierra Pons j...@elsotanillo.net Linux User Registered: #257202 http://www.elsotanillo.net GPG key = 0xA110F4FE Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE -- 2013/9/10 Sean Alexandre s...@alexan.org On Tue, Sep 10, 2013 at 01:11:17PM +0200, Juan Sierra Pons wrote: Hi, I don't see anything strange in the logs provided. Do you see anything strange in your dmesg, /var/log/daemon.log, etc? Is the DNS on the server's side working properly? Sometimes when the reverse DNS is not properly configure some TCP based services get some delay on first connection: ssh, mysql, etc Can a network issue be discarded. Please check with mtr: mtr remote server Not a solution but a very tiny improvement , launch the tunnel with the -C (compression) parameter. Thanks for looking at this. The other things you list look fine. I did notice something else with the log, though. Below I type the line hello. Then there's the 80 second delay. And then there's the log messages after the hello: debug1: Entering interactive session. client nc localhost 1110 hello debug1: Connection to port 1110 forwarding to localhost port 1212 requested. debug2: fd 6 setting TCP_NODELAY debug2: fd 6 setting O_NONBLOCK debug3: fd 6 is O_NONBLOCK debug1: channel 2: new [direct-tcpip] debug2: channel 2: open confirm rwindow 2097152 rmax 32768 I think the delay no longer happens, with subsequent lines, because TCP_NODELAY and O_NONBLOCK get set. I wonder if there's a way to configure things to set those from the start? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130910120513.GA14348@tuzo Hi, I have found a kind of workaround: http://www.gossamer-threads.com/lists/openssh/bugs/56042 If the ssh client is invoked with: ssh -N host -R port # TCP_NODELAY is not set ssh -n host -R port sleep 1d # TCP_NODELAY is set - this is a workaround Can you try to launch the tunnel without the -N parameter (maybe you can send later the tunnel to background) Regards -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CABS=y9v7VnDndH1zPVqX2wfD=trfvbta5f-9gb6gnzopro6...@mail.gmail.com
Re: ssh tunnel delay
On Tue, Sep 10, 2013 at 02:28:37PM +0200, Juan Sierra Pons wrote: 2013/9/10 Sean Alexandre s...@alexan.org On Tue, Sep 10, 2013 at 01:11:17PM +0200, Juan Sierra Pons wrote: Hi, I don't see anything strange in the logs provided. Do you see anything strange in your dmesg, /var/log/daemon.log, etc? Is the DNS on the server's side working properly? Sometimes when the reverse DNS is not properly configure some TCP based services get some delay on first connection: ssh, mysql, etc Can a network issue be discarded. Please check with mtr: mtr remote server Not a solution but a very tiny improvement , launch the tunnel with the -C (compression) parameter. Thanks for looking at this. The other things you list look fine. I did notice something else with the log, though. Below I type the line hello. Then there's the 80 second delay. And then there's the log messages after the hello: debug1: Entering interactive session. client nc localhost 1110 hello debug1: Connection to port 1110 forwarding to localhost port 1212 requested. debug2: fd 6 setting TCP_NODELAY debug2: fd 6 setting O_NONBLOCK debug3: fd 6 is O_NONBLOCK debug1: channel 2: new [direct-tcpip] debug2: channel 2: open confirm rwindow 2097152 rmax 32768 I think the delay no longer happens, with subsequent lines, because TCP_NODELAY and O_NONBLOCK get set. I wonder if there's a way to configure things to set those from the start? Hi, I have found a kind of workaround: http://www.gossamer-threads.com/lists/openssh/bugs/56042 If the ssh client is invoked with: ssh -N host -R port # TCP_NODELAY is not set ssh -n host -R port sleep 1d # TCP_NODELAY is set - this is a workaround Can you try to launch the tunnel without the -N parameter (maybe you can send later the tunnel to background) I get the same thing, unfortunately, with this: ssh -o IPQoS=lowdelay lowdelay -o ExitOnForwardFailure=yes -f -L1110:localhost:1212 skoki3 sleep 1d I've also added this line to /etc/ssh/sshd_config on the server, and restarted ssh there: IPQoS lowdelay lowdelay This bug report makes it sound like the bug's been fixed on Debian 7.0, but maybe not: Debian Bug report logs - #643312 openssh-client: IPQoS option ignored for AF_INET since 5.9p1-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643312 I've got version 1:6.0p1-4 of openssh-client. The bug report says the problems fixed there, but maybe not. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130910130754.GA14913@tuzo