From owner-freebsd-questions@FreeBSD.ORG Wed Feb 23 08:40:28 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 76FBE16A4CE for ; Wed, 23 Feb 2005 08:40:28 +0000 (GMT) Received: from zoot.lafn.org (zoot.lafn.ORG [206.117.18.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 24FF243D48 for ; Wed, 23 Feb 2005 08:40:28 +0000 (GMT) (envelope-from bc979@lafn.org) Received: from [10.0.1.90] ([4.28.157.47]) (authenticated bits=0) by zoot.lafn.org (8.13.1/8.13.1) with ESMTP id j1N8eQWI030520 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NO) for ; Wed, 23 Feb 2005 00:40:27 -0800 (PST) (envelope-from bc979@lafn.org) Mime-Version: 1.0 (Apple Message framework v619.2) In-Reply-To: <20050223065749.GA14245@freeze.org> References: <20050222211148.GA39859@freeze.org> <421BAC56.4050801@daleco.biz> <20050222231352.GA34739@freeze.org> <57d710000502221532dbacb23@mail.gmail.com> <20050222233640.GD34739@freeze.org> <421BC3AB.8030203@mac.com> <20050223050420.GA38709@freeze.org> <4e89e37f3eff3502b8959501144502e0@shire.net> <20050223065749.GA14245@freeze.org> Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <484781f62904b75e6279f2de584231c7@lafn.org> Content-Transfer-Encoding: 7bit From: Doug Hardie Date: Wed, 23 Feb 2005 00:40:25 -0800 To: FreeBSD Questions X-Mailer: Apple Mail (2.619.2) X-Virus-Scanned: ClamAV version 0.82, clamav-milter version 0.82 on zoot.lafn.org X-Virus-Status: Clean Subject: Re: SSH terminal locking up from OS X to FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Feb 2005 08:40:28 -0000 On Feb 22, 2005, at 22:57, Jim Freeze wrote: > * Chad Leigh -- Shire.Net LLC [2005-02-22 22:58:17 > -0700]: > >> Just for giggles, what happens when you try a different encryption >> method with the ssl client? For example, -c blowfish > > Ok, so I tried this, but it still locks up. However, I was > able to do ~C to get a command line and ~^Z to > background the ssh terminal, but I was never able to re-activate > it. > > I did manage to log the IP activity through tcp dump, and I discovered > that after the 'lock up', there are no IP messages originating > from the remote machine. Also, the IP blocks are of type FP, > whatever that is. (Hmm, maybe I need to clear out the known hosts > on the remote machine.) > > An abbreviated version is below. > The full log file is at: > > http://www.freeze.org/tcpdump3b.log > > 00:22:59.999439 IP localhost.53245 > remotemachine.com.ssh: S > 611378943:611378943(0) win 65535 0,nop,nop,timestamp 1996513030 0> > 00:23:00.053942 IP remotemachine.com.ssh > localhost.53245: S > 77400915:77400915(0) ack 611378944 win 57344 0,nop,nop,timestamp 1100668230 1996513030> > 00:23:00.054039 IP localhost.53245 > remotemachine.com.ssh: . ack 1 > win 65535 > 00:23:00.331844 IP remotemachine.com.ssh > localhost.53245: P 1:24(23) > ack 1 win 57964 > 00:23:04.922358 IP localhost.53245 > remotemachine.com.ssh: . ack 3512 > win 65535 > # Long break - remote terminal stops responding but data is still > flowing as you can see. > # > 00:34:05.662885 IP localhost.53245 > remotemachine.com.ssh: P > 1519:1559(40) ack 3512 win 65535 1100668711> > 00:34:07.284836 IP localhost.53245 > remotemachine.com.ssh: P > 1519:1559(40) ack 3512 win 65535 1100668711> > 00:34:09.285235 IP localhost.53245 > remotemachine.com.ssh: P > 1519:1559(40) ack 3512 win 65535 1100668711> > 00:34:43.290382 IP localhost.53240 > remotemachine.com.ssh: FP > 0:48(48) ack 1 win 65535 > # ~? > 00:35:09.294870 IP localhost.53245 > remotemachine.com.ssh: P > 1519:1719(200) ack 3512 win 65535 1100668711> > 00:37:17.308387 IP localhost.53245 > remotemachine.com.ssh: FP > 1519:2655(1136) ack 3512 win 65535 1100668711> > #Closed terminal > The localhost is trying to send the 40 bytes in its buffer. It is not receiving and ACK from remotemachine so it retries until it eventually gives up. The F flag is localhost issuing a FIN to remotemachine to drop the TCP connection. It tries a couple times and then likewise gives up. I would recommend a ktrace on the server to see if it yields any additional information. My guess is that the sshd process has died. syslog might not be set to catch the error it may be generating. ktrace will show all the syslog calls.