I'm seeing a problem with the ssh IPQoS setting not causing TCP_NODELAY to be set.
There was Bug#643312 that looks similar, but has been fixed: openssh-client: IPQoS option ignored for AF_INET since 5.9p1-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643312 I have openssh-client version 1:6.0p1-4, from wheezy. I'm wondering whether I should file a bug report for this, or maybe it's a problem on my end? Here's what I'm seeing. I want to create an ssh tunnel to a machine to get mail from a Dovecot POP3 server, to minimize my attack surface by not exposing the POP3 port to the Internet. (I just want the ssh port open.) But, the ssh tunnel takes 80 seconds to start working. After that, it's fine. The change over happens when TCP_NODELAY gets set. I'd like for this to be set from the start, to avoid the 80 second delay. I've changed IPQoS in ssh to do this, but still get the delay. I've used nc to reproduce the problem. On the server I've put this in /etc/ssh/sshd_config. I don't think it's needed, but added it just to be sure: IPQoS lowdelay lowdelay nc is set to listen on server: server> nc -l -p 1212 The tunnel from client is created with: client> ssh -vvv -o IPQoS="lowdelay lowdelay" -o ExitOnForwardFailure=yes -fN -L1110:localhost:1212 server The nc connection from the client, and an initial line to transmit, is made with: client> nc localhost 1110 hello The 80 second delay happens here. Then these log messages are seen, and everything starts working fine: debug1: Connection to port 1110 forwarding to localhost port 1212 requested. debug2: fd 6 setting TCP_NODELAY debug2: fd 6 setting O_NONBLOCK debug3: fd 6 is O_NONBLOCK debug1: channel 2: new [direct-tcpip] debug2: channel 2: open confirm rwindow 2097152 rmax 32768 My understanding is that TCP_NODELAY should be set from the start, because of the IPQoS="lowdelay lowdelay" setting. Any ideas why it may not be, or thoughts on whether I should file a bug? -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/20130911144259.GA22901@tuzo
