After much field-exploration, I have determined the source of the
freezes as ssh_handle_key_exchange().
The server code enters here and never returns. No exception is thrown...
it simply goes poof in there.
And you know you're in no-man's land when Google can only find a handful
of matches such as this one from 12 years ago:
https://libssh.libssh.narkive.com/aV5Drqf2/callbacks-and-ssh-handle-key-exchange-dead-lock
Plus this fascinating one from 2025:
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day
The latter makes me wonder if my bad actors are trying to exploit the
zero-day to get shell access and causing the freezes. While I know
exactly where the freeze occurs, I haven't been able to pinpoint
external patterns. It may occur after 400-500 clients or as few as
two.
Really curious about how to get the IP address now to see if it's
originating from the same zone.