Dear sir or madam, I am registered user with Savannah (username = peter20080727) and am part of the traverso project. I tried to check the project out from cvs using ssh. In an earlier mail I wrote about connection difficulties using an ssh login.
When looking more into the issue I found that I could log in using PuTTY (on wine) - I got the 'command not allowed' message, but nevermind, it was still a login. This lead me to the conclusion that the problem must lie with OpenSSH. So I looked on google using 'openssh nat login hangs' and found this post: > (http://marc.info/?l=secure-shell&m=118520918019189&w=2) > > [...] >> >> So there is something about my network at home that kills multiple >> >> versions of openssh but which does not affect other ssh clients. I >> >> have a d-link router which acts as a firewall and NAT. > > > > OpenSSH sets the IP TOS (to either "lowdelay" or "throughput") and some > > some routers have been known to choke on such packets. > > > > [...] >> >> debug2: fd 3 setting TCP_NODELAY >> >> debug2: callback done >> >> debug2: channel 0: open confirm rwindow 0 rmax 32768 >> >> that is the last message. The terminal hangs. ctrl-c can not interrupt. > > > > The TOS is set immediately after the TCP_NODELAY so it's a pretty good > > bet that's your culprit. > > > > As a workaround, you can recompile ssh then you can insert a "return;" > > at the start of packet_set_tos() in packet.c. Alternatively you can use > > ssh's ProxyCommand to use a program such as netcat as an alternative > > transport that doesn't set those bits, eg: > > > > ssh -o "ProxyCommand nc %h %p" yourserver > > [...] So I tried this command (I have netcat installed), and this is the output: > > [EMAIL PROTECTED]:~$ ssh -o "ProxyCommand nc %h %p" [EMAIL PROTECTED] > > Enter passphrase for key '/home/peter/.ssh/id_dsa': > > Last login: Tue Jul 29 00:58:46 2008 from 84.12.100.239 > > You tried to execute: > > Sorry, you are not allowed to execute that command. > > Connection to cvs.savannah.gnu.org closed. So I had a login. Never mind that savannah locks me out immediately - it's set up that way! I am indeed behind a d-link adsl router with NAT and Firewall enabled, and it must have choked on OpenSSH setting the TOS. This means that I now have to find a way of telling ssh through cvs not to set the IP TOS. I thought I better report this, as it may help you if other people ask the same question. P
