Why does ssh keep hanging

Discussion in 'Linux Networking' started by unruh, Apr 30, 2012.

  1. unruh

    unruh Guest

    I am connecting to the net via a home router wireless (Zoom) and I am
    discovering that if I leave an ssh session for more than a minute or
    two, it freezes (ie the ssh session stops being connected and the screen
    is frozen). The session is not disconnected according to either of the
    machines-- they seem to think that the ssh session is still running--
    but nothing I type gets to the other side and no information goes from
    there to me.
    I can open a new ssh session in another terminal window, but the old one
    stays dead.
    This is annoying if I am for example answering a netnews session or
    editing an email as I just have to close the window and try again. Ie,
    thought is being penalized. Is there any way I can figure out what is
    going on-- why the session is freezing?

    Note that a ping to the remote machine I am sshing to in another
    window keeps going.
     
    unruh, Apr 30, 2012
    #1

  2. David W. Hodgins, Apr 30, 2012
    #2

  3. Richard Kettlewell, Apr 30, 2012
    #3
  4. unruh

    Chris Davies Guest

    One (or more) of the firewall devices between you and the remote server
    is timing out your session. To stop this happening you need to use the
    ServerAliveInterval setting.

    For example, drop this in your ~/.ssh/config, or if the file already
    exists, tweak it appropriately:

    Host *
    ServerAliveInterval 60

    I often have these two configuration items in there, too, but YMMV:
    ForwardX11 yes
    Compression yes

    Chris
     
    Chris Davies, Apr 30, 2012
    #4
  5. unruh

    unruh Guest

    I suppose that the zoom modem might have a firewall enabled, but I doubt
    it. My computers on either end do not. Note that this happens even if I
    am connected to exactly the same machine in another window (also on ssh).
    Ie, it seems to be an ssh session problem, not a general computer to
    computer problem. I'll try the various Alive options.
    Thanks

    (And it is not an ssh closing problem. On my side the session is to all
    intents still open-- no logout, no closing. On the far side the program
    that was running in the ssh session is still running so it thinks it is
    still connected to something. It is just that no data passes between
    them.)
    This is only happening as well on this one connection through this zoom
    modem, and not at work where the session stays useable and open for
    hours and days. So it is not the computers at either end.
     
    unruh, Apr 30, 2012
    #5
  6. Is the router doing NAT? The symptoms are consistent with it doing some
    kind of connection tracking, badly.
     
    Richard Kettlewell, Apr 30, 2012
    #6
  7. unruh

    unruh Guest

    Something is since I have a 192.168.x address.

    Unfortunately I have no access to the router nor do I know how it
    connects to the service provider. I am renting a room in a private house which
    also supplies wireless service. The first few steps in traceroute give

    1 10.232.0.1 (10.232.0.1) 12.095 ms 12.445 ms 12.408 ms
    2 68.6.13.0 (68.6.13.0) 12.993 ms 18.047 ms 18.472 ms
    3 ip68-4-11-96.oc.oc.cox.net (68.4.11.96) 65.925 ms 65.909 ms 65.892 ms
    4 ip68-4-11-92.oc.oc.cox.net (68.4.11.92) 64.686 ms 65.806 ms 65.790 ms
    5 paltbprj01-ae2.0.rd.pt.cox.net (68.1.2.98) 79.638 ms 79.605 ms 79.178 ms
     
    unruh, Apr 30, 2012
    #7
  8. unruh

    Chris Davies Guest

    You described it as a wireless router and then a modem. On that basis
    I'm going to continue to assume that it's performing NAT, and therefore
    it's a strong candidate for triggering the fault as described.

    Chris
     
    Chris Davies, Apr 30, 2012
    #8
  9. I blame NAT, then.
    Chris's suggestion is the best you'll get, unless you can persuade
    whoever operates this router to replace it with something that works
    better.
     
    Richard Kettlewell, Apr 30, 2012
    #9
  10. unruh

    unruh Guest

    Sorry, yes, it is a wireless access point, a router. I have no idea how
    it hooks into the network.

    I enabled ClientAliveInterval 15 on the host, and that seems to be
    helpful. We will see.
     
    unruh, Apr 30, 2012
    #10
  11. unruh

    Jorgen Grahn Guest

    I bet it's a general TCP problem. I.e. if you set e.g. netcat to
    listen on one machine, use netcat to connect to it from the other, and
    type a few lines once in a while, you'll see the exact same thing.

    Like the others, I blame NAT. I am happy to say I have no such devices
    -- killing TCP connections after mere minutes of inactivity is plain
    broken. I'd demand my money back (and enable keepalives while waiting
    for a replacement).

    /Jorgen
     
    Jorgen Grahn, Apr 30, 2012
    #11
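The netcat test suggested in the post above can be scripted to measure how much silence a path tolerates before it goes dead. This is an added example, not code from the thread: the function names are hypothetical, and `drop_after` is a constructed loopback stand-in for a middlebox that forgets idle connections, so the block runs offline.

```python
import socket
import threading
import time

def start_echo_server(drop_after=None, host="127.0.0.1", port=0):
    """Far end of the test. drop_after (seconds) simulates a middlebox that
    forgets the connection: data arriving after a longer silence is swallowed."""
    srv = socket.create_server((host, port))
    def echo(conn):
        last = time.monotonic()
        with conn:
            while (data := conn.recv(1024)):
                now = time.monotonic()
                if drop_after is None or now - last <= drop_after:
                    conn.sendall(data)
                last = now

    def serve():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=echo, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[:2]

def round_trip(sock, payload, wait):
    """Send payload; True if the echo comes back within `wait` seconds."""
    sock.settimeout(wait)
    try:
        sock.sendall(payload)
        return sock.recv(1024) == payload
    except OSError:  # timeout, reset or broken pipe all mean "dead"
        return False

def find_idle_cutoff(addr, idle_steps, wait=5.0):
    """Return the first idle period after which the path is dead, else None.
    Each step uses a fresh connection, since a dead one cannot be reused."""
    for idle in idle_steps:
        with socket.create_connection(addr, timeout=wait) as s:
            if not round_trip(s, b"before\n", wait):
                raise ConnectionError("no echo even without idling")
            time.sleep(idle)
            if not round_trip(s, b"after\n", wait):
                return idle
    return None

if __name__ == "__main__":
    # Constructed loopback demo: the simulated middlebox drops state after 0.3 s.
    print(find_idle_cutoff(start_echo_server(drop_after=0.3), [0.1, 0.6], wait=0.5))
```

Against a real path, the server side would run on the remote machine (without `drop_after`, bound to a reachable address and fixed port) and `idle_steps` would step through values such as 30, 60 and 120 seconds; a keepalive interval below the reported cutoff is then the value to aim for.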
  12. unruh

    unruh Guest

    Fortunately I am only here for a few weeks, so will soon be rid of the
    problem. But it sure is annoying while it lasts.
     
    unruh, Apr 30, 2012
    #12
  13. unruh

    Rick Jones Guest

    Oh! what a tangled web we wove
    When NAT we sought to interpose!

    (with apologies to Walter Scott)

    rick jones
     
    Rick Jones, Apr 30, 2012
    #13
  14. Right ;)
    And IPv6 is still not available for most customers :/ At least in
    Germany...
     
    Bernhard Kupfer a.k.a. Compukiller, May 4, 2012
    #14
  15. unruh

    Jorgen Grahn Guest

    It's available alright (free tunnels from e.g. Hurricane Electric)
    -- there aren't too many peers to talk to ...

    /Jorgen
     
    Jorgen Grahn, May 4, 2012
    #15
  16. unruh

    Rick Jones Guest

    I don't think it has been lit-up by Uvers (AT&T) in Sunnyvale, CA
    either. Even so, does IPv6 really make NAT go away? Yes, it may
    address one of the first motivations for NAT - lack of address space
    (assuming the providers are willing to provide sufficiently sized
    address blocks to customers) but won't there still be a strong desire
    to obfuscate what is going on on the customer premises?

    rick jones
     
    Rick Jones, May 4, 2012
    #16
  17. unruh

    Jorgen Grahn Guest

    Why wouldn't they? As far as I can tell, giving the customers
    something smaller than a /64 would just create more work for them,
    and/or violate IPv6 itself.
    There seem to be lots of people who think NAT is a vital part of
    their privacy -- I don't quite understand why. Perhaps they will
    reconsider when the rest of us start using real peer-to-peer
    protocols without NAT workarounds.

    /Jorgen
     
    Jorgen Grahn, May 5, 2012
    #17
  18. unruh

    Rick Jones Guest

    I just wonder if they will try to monetize somehow. Giving a customer
    a large number of addresses without charging more for it is something
    I suspect a number of green-eyeshades types look dimly upon.

    rick jones
     
    Rick Jones, May 7, 2012
    #18
  19. unruh

    Jorgen Grahn Guest

    Messing with that aspect of IPv6 would be astonishingly stupid and
    counter-productive ... perhaps I'm not cynical enough, but I don't
    think it will happen that way.

    (On the other hand, when *will* it happen? ISPs around here
    don't even /pretend/ to have IPv6 plans.)

    /Jorgen
     
    Jorgen Grahn, May 8, 2012
    #19
  20. unruh

    Chris Davies Guest

    I'm currently sitting on the NAT side of the fence. (Just.) My
    reasoning is this. It is the ISPs that issue the /64 netblocks for
    end users/organisations. If I use that /64 directly on my network,
    it's fine right up to the point that I want to switch ISP, but then I
    need a mammoth renumber to fit the new /64 from the new ISP. This can
    work for devices that use and understand DHCP but requires intensive
    and coordinated intervention for everything else (routers, firewalls,
    DHCP servers, dumber devices, etc.)

    1:1 NAT would help tremendously in this situation, as I could keep my own
    private number space internally, but still present the full address space
    in the routable IPv6 world with every device potentially addressable -
    just like you would expect.

    Chris
     
    Chris Davies, May 9, 2012
    #20