Re: Do I have an ssh problem?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Jonathan Underwood wrote:

On 11/09/2007, Les <hlhowell@xxxxxxxxxxx> wrote:


I had the same problem on FC6.  I asked lots of questions got lots of
advice leading to iptables in the firewall being part of the problem.
Finally I turned off the firewall, and things worked ok.  I am now
slowly going through the iptables and playing with combinations, to see
what in there is mucking up the transfers.  But it seems related to
several things affecting different bits of the process.
I can't isolate it well yet.

If you have a separate firewall isolating you from the net threats as I
do, then you can pretty safely turn off the machines firewall and see if
it helps.



I have had probelms with scp of large files between two boxes  each
behind a firewall - the scp would stalll after a few kb (the machine
wouldn't crash though). Turns out that one of the firewalls was
somehow causing many packets to be out of the TCP window.

doing an

echo 1 > /proc/sys/netfilter/nf_conntrack_tcp_be_liberal

fixed that for me. To make it persistent accross rebotts you need to
add this line to /etc/sysctl.conf

net.netfilter.nf_conntrack_tcp_be_liberal = 1


Now I have to go read exactly what that is supposed to do.


Another thing you might want to turn off is tcp window scaling - read
about that here:

http://lwn.net/Articles/92727/

However, I would not have expected any of these things to cause a box to hang.
Now there I have never seen a problem, and I have boxen from RH8, RH9, FC1, FC[4567] running, all with advanced window scaling set to 5 (and on, obviously). In particular, my FC4 laptop may run wireless or plugged in, so speeds are quite different. I did transfer some DVD images FC7 to FC4 with no issue. What does it say that I find a 4GB xfer easier than walking up three flights of stairs and back? 

I have transferred cpio data of ~1GB,
  find images -type f -mnewer lastsync | cpio -o -Hcrc |
  ssh foo "cd images && cpio -idm"
and that worked, all using large windows.
FWIW I also do NFS using 9k jumbo packets and GigE between FC1 and FC6, and I moved ~700GB doing that. That points away from a network volume issue in FC7. The NFS uses TCP not UDP for reasons not related to hanging.
Final thought, I use blowfish encryption, but a fail in ssh/sshd wouldn't stop a system in any case. 

--
Bill Davidsen <davidsen@xxxxxxx>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux