Date: Wed, 23 Feb 2005 00:40:25 -0800 From: Doug Hardie <bc979@lafn.org> To: FreeBSD Questions <questions@freebsd.org> Subject: Re: SSH terminal locking up from OS X to FreeBSD Message-ID: <484781f62904b75e6279f2de584231c7@lafn.org> In-Reply-To: <20050223065749.GA14245@freeze.org> References: <20050222211148.GA39859@freeze.org> <421BAC56.4050801@daleco.biz> <20050222231352.GA34739@freeze.org> <57d710000502221532dbacb23@mail.gmail.com> <20050222233640.GD34739@freeze.org> <421BC3AB.8030203@mac.com> <20050223050420.GA38709@freeze.org> <4e89e37f3eff3502b8959501144502e0@shire.net> <20050223065749.GA14245@freeze.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Feb 22, 2005, at 22:57, Jim Freeze wrote: > * Chad Leigh -- Shire.Net LLC <chad@shire.net> [2005-02-22 22:58:17 > -0700]: > >> Just for giggles, what happens when you try a different encryption >> method with the ssl client? For example, -c blowfish > > Ok, so I tried this, but it still locks up. However, I was > able to do <RETURN>~C to get a command line and <RETURN>~^Z to > background the ssh terminal, but I was never able to re-activate > it. > > I did manage to log the IP activity through tcp dump, and I discovered > that after the 'lock up', there are no IP messages originating > from the remote machine. Also, the IP blocks are of type FP, > whatever that is. (Hmm, maybe I need to clear out the known hosts > on the remote machine.) > > An abbreviated version is below. > The full log file is at: > > http://www.freeze.org/tcpdump3b.log > > 00:22:59.999439 IP localhost.53245 > remotemachine.com.ssh: S > 611378943:611378943(0) win 65535 <mss 1360,nop,wscale > 0,nop,nop,timestamp 1996513030 0> > 00:23:00.053942 IP remotemachine.com.ssh > localhost.53245: S > 77400915:77400915(0) ack 611378944 win 57344 <mss 1460,nop,wscale > 0,nop,nop,timestamp 1100668230 1996513030> > 00:23:00.054039 IP localhost.53245 > remotemachine.com.ssh: . ack 1 > win 65535 <nop,nop,timestamp 1996513030 1100668230> > 00:23:00.331844 IP remotemachine.com.ssh > localhost.53245: P 1:24(23) > ack 1 win 57964 <nop,nop,timestamp 1100668258 1996513030> > 00:23:04.922358 IP localhost.53245 > remotemachine.com.ssh: . ack 3512 > win 65535 <nop,nop,timestamp 1996513040 1100668711> > # Long break - remote terminal stops responding but data is still > flowing as you can see. > # <RETURN> > 00:34:05.662885 IP localhost.53245 > remotemachine.com.ssh: P > 1519:1559(40) ack 3512 win 65535 <nop,nop,timestamp 1996514361 > 1100668711> > 00:34:07.284836 IP localhost.53245 > remotemachine.com.ssh: P > 1519:1559(40) ack 3512 win 65535 <nop,nop,timestamp 1996514364 > 1100668711> > 00:34:09.285235 IP localhost.53245 > remotemachine.com.ssh: P > 1519:1559(40) ack 3512 win 65535 <nop,nop,timestamp 1996514368 > 1100668711> > 00:34:43.290382 IP localhost.53240 > remotemachine.com.ssh: FP > 0:48(48) ack 1 win 65535 <nop,nop,timestamp 1996514436 1100663377> > # <RETURN>~? > 00:35:09.294870 IP localhost.53245 > remotemachine.com.ssh: P > 1519:1719(200) ack 3512 win 65535 <nop,nop,timestamp 1996514488 > 1100668711> > 00:37:17.308387 IP localhost.53245 > remotemachine.com.ssh: FP > 1519:2655(1136) ack 3512 win 65535 <nop,nop,timestamp 1996514744 > 1100668711> > #Closed terminal > The localhost is trying to send the 40 bytes in its buffer. It is not receiving and ACK from remotemachine so it retries until it eventually gives up. The F flag is localhost issuing a FIN to remotemachine to drop the TCP connection. It tries a couple times and then likewise gives up. I would recommend a ktrace on the server to see if it yields any additional information. My guess is that the sshd process has died. syslog might not be set to catch the error it may be generating. ktrace will show all the syslog calls.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?484781f62904b75e6279f2de584231c7>