[Gllug] ssh problem doing my head in

Russell Howe rhowe at siksai.co.uk
Sun Feb 11 05:17:29 UTC 2007


On Sat, Feb 10, 2007 at 02:21:09PM +0000, Tom Schutzer-Weissmann wrote:
> In wireshark I can see that after authentication there's nothing but TCP 
> Retransmissions and Dup ACKs. I don't know enough to diagnose much more.
> 
> As far as I can understand, the client is trying to respond to the server's 
> last packet, but the response doesn't get through. The server just keeps 
> asking for the response. Why the response doesn't get there...

Shot in the dark, but could it be an MTU issue? Maybe a host somewhere
is silently discarding packets beyond a certain size (or the ICMP
fragmentation-needed datagrams it is sending aren't reaching you).

Since SSH is a TCP protocol, and assuming that:

a) It's an MTU problem (search for "broken pmtud" to see what I'm
   talking about)
b) Your firewall runs Linux or IOS (pf etc can probably do this too)

Try clamping your MSS (search for "MSS clamping" to see what this is all
about).

Even if it isn't an MTU problem, I'd still read up on how Path MTU
Detection (PMTUD) works, and how people tend to break it. It can help
you understand all sorts of weird behaviour.

-- 
Russell Howe       | Why be just another cog in the machine,
rhowe at siksai.co.uk | when you can be the spanner in the works?
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
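
One way to test the MTU theory from the reply above before changing the firewall, as an added example that is not part of the original post: it binary-searches the largest ping payload that crosses the path with Don't Fragment set and prints the matching MSS clamp rules. It assumes Linux iputils `ping`, an iptables-based firewall and a host that answers ICMP echo; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes Linux iputils ping and that ICMP echo to the host is not filtered.

# probe SIZE HOST: true if an echo with SIZE payload bytes and Don't Fragment
# set (-M do) gets a reply within 2 seconds.
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# path_mtu HOST: binary-search the largest payload that gets through and print
# it as an IPv4 packet size (payload + 20 IP + 8 ICMP header bytes).
# Floor 548 = 576-byte minimum datagram; ceiling 1472 = Ethernet 1500.
path_mtu() {
    local host="$1" lo=548 hi=1472 mid
    probe "$lo" "$host" || return 1      # not a size problem, or ICMP blocked
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo $(( lo + 28 ))
}

# mss_for_mtu MTU: IPv4 TCP MSS = MTU - 20 (IP header) - 20 (TCP header).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# report HOST: print the findings and, if the path is narrower than Ethernet,
# the clamping rules for a Linux firewall.
report() {
    local mtu mss
    mtu=$(path_mtu "$1") || { echo "no reply to small DF probes from $1"; return 1; }
    mss=$(mss_for_mtu "$mtu")
    echo "path MTU to $1: $mtu bytes (TCP MSS $mss)"
    [ "$mtu" -lt 1500 ] || { echo "full 1500-byte path, MTU is unlikely to be the cause"; return 0; }
    echo "# clamp SYNs to the MTU the firewall sees for the route:"
    echo "iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"
    echo "# or to the measured value:"
    echo "iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $mss"
}

# Usage: sh pmtu.sh HOST
if [ "$#" -ge 1 ]; then report "$1"; fi
```

If large probes fail while small ones succeed and no "fragmentation needed" error comes back, that matches the broken-PMTUD case the reply describes.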

