Hi, MaxStartups is a great idea, thanks! will ask sysadmins to adjust that setting. also no reason not to use -W other than 'old school' pattern. switched to it (though i doubt it's an issue)
On Wednesday, 25 June 2014 16:50:02 UTC-5, Paul Durivage wrote: > > How many parallel connections are you proxying through "proxyhost"? My > team encounter a similar situation where the "ssh_config" directive > "MaxStartups" was too low, and the ssh connection timeout value was being > exceeded connecting to the proxy server. > > At any rate, check your proxy's MaxStartups, and adjust accordingly. You > can test if this is an issue by setting a fork limit to 1 -- one connection > (as opposed to potentially many parallel connections) should be rather > quick. > > Additionally, I'd look into that proxy command. Is there any reason why > you cannot proxy using the -W argument for proxying? I'm curious if the > proxy command is wonky and causes some sort of connection problem with > ansible's default SSH configuration settings. > > > On Wed, Jun 25, 2014 at 11:13 AM, Nick Evgeniev <[email protected] > <javascript:>> wrote: > >> Hi, >> >> it's a LAN with some VLANs configured (out of my control so hardly can >> tell more). As I don't see any problem with ssh, I guess it could be ssh >> library ansible is using.. (needs to be tuned or may be changed?) >> >> ansible version is 1.6.2 >> >> controller (ansible) host is osx: >> Darwin hostname 13.1.0 Darwin Kernel Version 13.1.0: Thu Jan 16 19:40:37 >> PST 2014; root:xnu-2422.90.20~2/RELEASE_X86_64 x86_64 >> >> target host is redhat linux: >> Linux lb0079 2.6.32-358.14.1.el6.x86_64 #1 SMP Mon Jun 17 15:54:20 EDT >> 2013 x86_64 x86_64 x86_64 GNU/Linux >> >> ssh connection is being proxied by: >> host lb0* >> user some_user >> ProxyCommand ssh proxyhost /usr/bin/nc %h %p 2> /dev/null >> identityfile /Users/e21170/.ssh/id_dsa >> >> #Host lb0* >> # ControlPath ~/.ssh/%h.%p.%r >> # ControlMaster auto >> >> On Tuesday, 24 June 2014 19:54:16 UTC-5, Michael DeHaan wrote: >> >>> Anything particularly interesting about the setup, OSes involved >>> (managed or managing), or network? >>> >>> >>> >>> >>> >>> >>> On Tue, Jun 24, 2014 at 6:23 PM, Nick Evgeniev <[email protected]> >>> wrote: >>> >>>> Hi, >>>> >>>> For some reason if I'm connecting to the host using ansible connection >>>> is been dropped frequently with "Connection timed out during banner >>>> exchange" message.. >>>> >>>> Any hints? pls check output below.. again if I just 'ssh lb0014' >>>> everything is fine >>>> >>>> GATHERING FACTS ****************************** >>>> ********************************* >>>> <lb0014> ESTABLISH CONNECTION FOR USER: e21170 >>>> <lb0014> REMOTE_MODULE setup >>>> <lb0014> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 'ControlMaster=auto', >>>> '-o', 'ControlPersist=60s', '-o', 'ControlPath=/Users/e21170/. >>>> ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'KbdInteractiveAuthentication=no', >>>> '-o', >>>> 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', >>>> >>>> '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', 'lb0014', >>>> "/bin/sh -c 'mkdir -p >>>> $HOME/.ansible/tmp/ansible-tmp-1403648080.05-169695987704675 >>>> && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1403648080.05-169695987704675 >>>> && echo $HOME/.ansible/tmp/ansible-tmp-1403648080.05-169695987704675'"] >>>> fatal: [lb0014] => SSH encountered an unknown error. The output was: >>>> OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 >>>> debug1: Reading configuration data /Users/e21170/.ssh/config >>>> debug1: /Users/e21170/.ssh/config line 20: Applying options for lb0* >>>> debug1: Reading configuration data /etc/ssh_config >>>> debug1: /etc/ssh_config line 20: Applying options for * >>>> debug1: auto-mux: Trying existing master >>>> debug1: Control socket >>>> "/Users/e21170/.ansible/cp/ansible-ssh-lb0014-22-gfadm" >>>> does not exist >>>> debug2: ssh_connect: needpriv 0 >>>> debug1: Executing proxy command: exec ssh labgw1 /usr/bin/nc lb0014 22 >>>> 2> /dev/null >>>> debug3: timeout: 10000 ms remain after connect >>>> debug1: permanently_drop_suid: 962233211 >>>> debug3: Incorrect RSA1 identifier >>>> debug3: Could not load "/Users/e21170/.ssh/id_dsa" as a RSA1 public key >>>> debug1: identity file /Users/e21170/.ssh/id_dsa type 2 >>>> debug1: identity file /Users/e21170/.ssh/id_dsa-cert type -1 >>>> debug1: Enabling compatibility mode for protocol 2.0 >>>> debug1: Local version string SSH-2.0-OpenSSH_6.2 >>>> Connection timed out during banner exchange >>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/ansible-project/b21da244-d3cb-4551-8872- >>>> 0a459578fda5%40googlegroups.com >>>> <https://groups.google.com/d/msgid/ansible-project/b21da244-d3cb-4551-8872-0a459578fda5%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/6fde7729-33f4-461a-851b-1353ba2fd4fb%40googlegroups.com >> >> <https://groups.google.com/d/msgid/ansible-project/6fde7729-33f4-461a-851b-1353ba2fd4fb%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8871c153-a7f2-49f1-b3a6-4bbf5c2cbf73%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
