Re: [gentoo-user] ssh connections time out

2007-11-29 Thread Mick
On Thursday 29 November 2007, Billy Holmes wrote:
> Mick wrote:
> > I just ran some quick tcptraceroute tests and can see that my random port
> > number has the same or less latency than port 80, or port 22
> > connections . . .
>
> try two things:
>
> 1) put your sshd on port 443 if you can. see if you can connect with no
> latency.
>
> or
>
> 2) perform this as root on BOTH boxes:
>
> # echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
>
> that will disable the large tcp window negotiation. some broken
> firewalls/packet filters cause connections with this enabled to fail or
> become unfriendly.
>
> http://lists.debian.org/debian-kernel/2007/01/msg00652.html

Thanks!  I'll try both and see what gives.
-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.


Re: [gentoo-user] ssh connections time out

2007-11-28 Thread Billy Holmes
Mick wrote:
> I just ran some quick tcptraceroute tests and can see that my random port 
> number has the same or less latency than port 80, or port 22 
> connections . . .
>   

try two things:

1) put your sshd on port 443 if you can. see if you can connect with no
latency.

or

2) perform this as root on BOTH boxes:

# echo 0 > /proc/sys/net/ipv4/tcp_window_scaling

that will disable the large tcp window negotiation. some broken
firewalls/packet filters cause connections with this enabled to fail or
become unfriendly.

http://lists.debian.org/debian-kernel/2007/01/msg00652.html
-- 
[EMAIL PROTECTED] mailing list



Re: [gentoo-user] ssh connections time out

2007-11-28 Thread Dan Farrell
On Wed, 28 Nov 2007 09:57:25 +
Mick <[EMAIL PROTECTED]> wrote:

> I just ran some quick tcptraceroute tests and can see that my random
> port number has the same or less latency than port 80, or port 22 
> connections . . .

DNS Servers over loaded, on one side of the transaction or the other?  



Re: [gentoo-user] ssh connections time out

2007-11-28 Thread Dale
Etaoin Shrdlu wrote:
> On Wednesday 28 November 2007, Dale wrote:
>
>   
>> Billy Holmes wrote:
>> 
>>> that's what the REMOTE machine will do after you connect to it, but
>>> before you get a prompt. This can (normally) be configured on an
>>> application basis to not do it.
>>>   
>> OK.  I read most of it, what I could get a grip on anyway.  Basically
>> it looks to see if that IP address has a name too.  Sort of silly but,
>> whatever works I guess.
>> 
>
> It does not stop there. It's usually used to prevent spoofing.
>
> The complete process is more or less as follows: suppose you connect with 
> a spoofed IP address, then the remote end will do the reverse lookup to 
> find out your dns name, do a forward lookup with the name it just found, 
> and see if the resulting IP is the one you are connecting from.
>
> From man sshd_config:
>
> UseDNS  Specifies whether sshd(8) should look up the remote host name
>   and check that the resolved host name for the remote IP address
>   maps back to the very same IP address.  The default is ``yes''.
>   

I was sort of thinking about it helping with that.  I just wasn't sure
that would work like I was thinking.  I suspected it may be a security
thing.  It seems that most things with Linux are security related
anyway.  That's pretty cool.  Some geek got a great idea.  o_O

Now it makes good sense.  I think it is pretty cool that it does that,
even if it messed me up at first.  Just wish this would have fixed the
OP's problem.

Thanks.

Dale

:-)  :-)  :-)


Re: [gentoo-user] ssh connections time out

2007-11-28 Thread Mick
On Tuesday 27 November 2007, Vladimir Rusinov wrote:
> On 11/27/07, Mick <[EMAIL PROTECTED]> wrote:
> > Have you come across such a problem before?  How can I troubleshoot
> > it?  In
> > this day and age of broadband connections it seems strange to get worse
> > performance than on a dialup network . . .  I mean I have run VNC
> > connections
> > over a 56k dial up with more responsiveness than this!
>
> Tune QoS (Quality of Service). It's not very trivial, but there are some
> good howtos/articles.

Trying to stick to the OP:

I just ran some quick tcptraceroute tests and can see that my random port 
number has the same or less latency than port 80, or port 22 
connections . . .
-- 
Regards,
Mick




Re: [gentoo-user] ssh connections time out

2007-11-28 Thread Etaoin Shrdlu
On Wednesday 28 November 2007, Dale wrote:

> Billy Holmes wrote:
> >
> > that's what the REMOTE machine will do after you connect to it, but
> > before you get a prompt. This can (normally) be configured on an
> > application basis to not do it.
>
> OK.  I read most of it, what I could get a grip on anyway.  Basically
> it looks to see if that IP address has a name too.  Sort of silly but,
> whatever works I guess.

It does not stop there. It's usually used to prevent spoofing.

The complete process is more or less as follows: suppose you connect with 
a spoofed IP address, then the remote end will do the reverse lookup to 
find out your dns name, do a forward lookup with the name it just found, 
and see if the resulting IP is the one you are connecting from.

From man sshd_config:

UseDNS  Specifies whether sshd(8) should look up the remote host name
  and check that the resolved host name for the remote IP address
  maps back to the very same IP address.  The default is ``yes''.
--
[EMAIL PROTECTED] mailing list
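
The reverse-then-forward check described in the message above, as an added example that is not part of the original thread and is not OpenSSH's own code. The resolver tables and addresses are constructed sample data, and `fcrdns_check`, `Result` and the verdict strings are names chosen for this sketch; the `elapsed` field shows where a slow or missing reverse zone turns into login delay.

```python
import ipaddress
import socket
import time
from typing import Callable, Iterable, NamedTuple


class Result(NamedTuple):
    verdict: str    # "verified", "no-ptr", "forward-failed" or "mismatch"
    name: str       # hostname if verified, otherwise the literal peer IP
    elapsed: float  # seconds spent resolving before the check finished


def system_reverse(ip: str) -> str:
    """PTR lookup through the system resolver (follows nsswitch.conf order)."""
    return socket.gethostbyaddr(ip)[0]


def system_forward(name: str) -> Iterable[str]:
    """A/AAAA lookup through the system resolver."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}


def fcrdns_check(peer_ip: str,
                 reverse: Callable[[str], str] = system_reverse,
                 forward: Callable[[str], Iterable[str]] = system_forward) -> Result:
    """Reverse-resolve the peer, forward-resolve that name, compare with the peer."""
    peer = ipaddress.ip_address(peer_ip)
    start = time.monotonic()
    try:
        name = reverse(peer_ip)
    except (OSError, KeyError):
        # No PTR record, or the resolver timed out: only the IP can be trusted.
        return Result("no-ptr", peer_ip, time.monotonic() - start)
    try:
        addrs = {ipaddress.ip_address(a) for a in forward(name)}
    except (OSError, KeyError, ValueError):
        return Result("forward-failed", peer_ip, time.monotonic() - start)
    elapsed = time.monotonic() - start
    if peer in addrs:
        return Result("verified", name, elapsed)
    # The PTR claims a name whose own records do not list this address.
    return Result("mismatch", peer_ip, elapsed)


# Constructed sample data (documentation address ranges, made-up names).
PTR = {
    "192.0.2.10": "laptop.example.net",
    "198.51.100.7": "admin.example.net",   # reverse zone owner claims this name
    "203.0.113.20": "gone.example.net",
}
A = {
    "laptop.example.net": ["192.0.2.10"],
    "admin.example.net": ["192.0.2.1"],    # the real admin host lives elsewhere
}


def sample_reverse(ip: str) -> str:
    return PTR[ip]


def sample_forward(name: str) -> Iterable[str]:
    return A[name]


def slow_reverse(ip: str) -> str:
    """Stand-in for a resolver that stalls before giving up (constructed)."""
    time.sleep(0.05)
    raise socket.herror(1, "Unknown host")


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.20", "203.0.113.99"):
        print(ip, fcrdns_check(ip, sample_reverse, sample_forward))
    print("slow resolver:", fcrdns_check("192.0.2.10", slow_reverse, sample_forward))
```

Called with the default resolvers, the same function goes through the host's own lookup order, which is why an `/etc/hosts` entry for the peer makes the check return immediately.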



Re: [gentoo-user] ssh connections time out

2007-11-27 Thread Dale
Billy Holmes wrote:
> Dale wrote:
>   
>> didn't even name the systems since all I used them for was to run
>> folding.  After I named them and put the entries in the hosts file, it
>> worked fine even when ssh'ing in with the IP number.  Before that, it
>> took forever to login.
>> 
>
> google: reverse lookup dns wikipedia
>
> click on the first link
>
> that's what the REMOTE machine will do after you connect to it, but
> before you get a prompt. This can (normally) be configured on an
> application basis to not do it.
>   

OK.  I read most of it, what I could get a grip on anyway.  Basically it
looks to see if that IP address has a name too.  Sort of silly but,
whatever works I guess.  At least now I sort of get what it means.

Thanks for the info.

Dale

:-)  :-)  :-) 


Re: [gentoo-user] ssh connections time out

2007-11-27 Thread Billy Holmes
Dale wrote:
> didn't even name the systems since all I used them for was to run
> folding.  After I named them and put the entries in the hosts file, it
> worked fine even when ssh'ing in with the IP number.  Before that, it
> took forever to login.

google: reverse lookup dns wikipedia

click on the first link

that's what the REMOTE machine will do after you connect to it, but
before you get a prompt. This can (normally) be configured on an
application basis to not do it.



Re: [gentoo-user] ssh connections time out

2007-11-27 Thread Dale
Mark Shields wrote:
> On Nov 27, 2007 4:19 PM, Dale <[EMAIL PROTECTED]> wrote:
>
> Dan Farrell wrote:
>> On Tue, 27 Nov 2007 13:26:18 -0600
>> Dale <[EMAIL PROTECTED]>  wrote:
>>  
>
> You are correct.  It has that exact line in the nsswitch.conf
> file.  Someone tried to explain the "lookup" thing but it just
> went over my head.  I know when I go to google for example that it
> goes to a DNS server to get the IP to know where to go to.  I just
> never could figure why it did that when it has the number
> already.  I just know that adding that to the host file worked
> like a charm.
>
> I'm still curious as to why the OP is having this problem.  I
> suspect, like me all the time, it will be something pretty
> simple.  We always find the complicated stuff.  LOL
>
> Dale
>
> :-)  :-) :-)
>
>
> The "lookup thing" is very similar to the same kind of DNS query used
> when visiting a website.
>
> -- 
> - Mark Shields 

Yea, I got that part but why does it do that when you are using the IP
number to go to it?  That was what was confusing me.  Up until that
time, I didn't even name the systems since all I used them for was to
run folding.  After I named them and put the entries in the hosts file,
it worked fine even when ssh'ing in with the IP number.  Before that, it
took forever to login.

I would think that it would just go straight to it without a look-up at
that point.  Then again, I'm not networking guru either.

Dale

:-)  :-) 


Re: [gentoo-user] ssh connections time out

2007-11-27 Thread Mark Shields
On Nov 27, 2007 4:19 PM, Dale <[EMAIL PROTECTED]> wrote:

>  Dan Farrell wrote:
>
> On Tue, 27 Nov 2007 13:26:18 -0600
> Dale <[EMAIL PROTECTED]> wrote:
>
>
>
>  Just to add to this, I was using the IP address too and it was very
> slow.  This was also on a local network.  After adding the lines to my
> host files, it was fast no matter whether I used the name or the IP
> address.  I still don't understand why this matters tho.
>
> Just a thought.
>
> Dale
>
>
>  I am guessing your /etc/nsswitch.conf says:
> hosts:  files dns
>
> in this case, the /etc/hosts file will be consulted before the dns.  If
> you provide an IP address, it will probably want to do a reverse lookup
> to the name (for .ssh/known-hosts for one); if provided a domain name,
> it will have to look it up.
>
>
>
> You are correct.  It has that exact line in the nsswitch.conf file.
> Someone tried to explain the "lookup" thing but it just went over my head.
> I know when I go to google for example that it goes to a DNS server to get
> the IP to know where to go to.  I just never could figure why it did that
> when it has the number already.  I just know that adding that to the host
> file worked like a charm.
>
> I'm still curious as to why the OP is having this problem.  I suspect,
> like me all the time, it will be something pretty simple.  We always find
> the complicated stuff.  LOL
>
> Dale
>
> :-)  :-) :-)
>

The "lookup thing" is very similar to the same kind of DNS query used when
visiting a website.

-- 
- Mark Shields


Re: [gentoo-user] ssh connections time out

2007-11-27 Thread Dale
Dan Farrell wrote:
> On Tue, 27 Nov 2007 13:26:18 -0600
> Dale <[EMAIL PROTECTED]> wrote:
>
>   
>> Just to add to this, I was using the IP address too and it was very
>> slow.  This was also on a local network.  After adding the lines to my
>> host files, it was fast no matter whether I used the name or the IP
>> address.  I still don't understand why this matters tho.
>>
>> Just a thought.
>>
>> Dale
>> 
>
> I am guessing your /etc/nsswitch.conf says:
> hosts:  files dns
>
> in this case, the /etc/hosts file will be consulted before the dns.  If
> you provide an IP address, it will probably want to do a reverse lookup
> to the name (for .ssh/known-hosts for one); if provided a domain name,
> it will have to look it up.  
>   

You are correct.  It has that exact line in the nsswitch.conf file. 
Someone tried to explain the "lookup" thing but it just went over my
head.  I know when I go to google for example that it goes to a DNS
server to get the IP to know where to go to.  I just never could figure
why it did that when it has the number already.  I just know that adding
that to the host file worked like a charm.

I'm still curious as to why the OP is having this problem.  I suspect,
like me all the time, it will be something pretty simple.  We always
find the complicated stuff.  LOL

Dale

:-)  :-) :-)


Re: [gentoo-user] ssh connections time out

2007-11-27 Thread Dan Farrell
On Tue, 27 Nov 2007 13:26:18 -0600
Dale <[EMAIL PROTECTED]> wrote:

> Just to add to this, I was using the IP address too and it was very
> slow.  This was also on a local network.  After adding the lines to my
> host files, it was fast no matter whether I used the name or the IP
> address.  I still don't understand why this matters tho.
> 
> Just a thought.
> 
> Dale

I am guessing your /etc/nsswitch.conf says:
hosts:  files dns

in this case, the /etc/hosts file will be consulted before the dns.  If
you provide an IP address, it will probably want to do a reverse lookup
to the name (for .ssh/known-hosts for one); if provided a domain name,
it will have to look it up.  



Re: [gentoo-user] ssh connections time out

2007-11-27 Thread Dale
Mick wrote:
> Thank you all for your replies,
>
> On Tuesday 27 November 2007, Chris Frederick wrote:
>   
>> Dale wrote:
>> 
>
>   
>>> I also ran into something like this on a local network.  I corrected
>>> this by adding the remote systems to my hosts file and putting the entry
>>> in the host file on the remote system.
>>>   
> [snip...]
>
>   
>> I've had this problem as well.  I've added "UseDNS no" to the
>> sshd_config file and that had the same result.  I usually only had high
>> latency establishing the connection though.  Once the connection was
>> established and I was logged in, everything was fast again.
>> 
>
> The problem is not with the DNS servers.  I use IP addresses to access these 
> machines and when I have tried FQDNs it makes no odds.
>
>   
>> I've also had connection issues while transferring files through ssh,
>> and I got around that (somewhat) by adding "-l" to the scp command.  This
>> tries to throttle the connection speed, and I can usually keep a
>> connection going with that.  I say that it somewhat fixed the issue
>> because I also need to use ssh to port forward to an internal database
>> and run scripts there, but there's no way that I know to do the same
>> throttling with a port forwarding ssh command.
>> 
>
> The -l option is to apply a protocol specific type of QoS and limit the 
> bandwidth consumed by scp so that other critical services on the server don't 
> run dry.  My problem is that I do not seem to have enough bandwidth to start 
> with.
>
> The ports of the servers are random numbers in the 200+ and 12000+ range and I
> have checked that no other applications are using/listening on these ports.
> I've not tried port 22 yet, but I'll give it a go tonight.  I tend to use 
> higher random ports just to achieve some basic 'security by obscurity' from 
> script kiddies and botnets.  The issue with port 22 is that the 
> world-and-his-wife will try to hack in and cause DoS to the little bandwidth 
> that seems to be available.  :p  Ha!  I'll deal with this at the firewall.
>
> The datacenter servers are listening on port 22.  This difference in 
> performance between the production and the domestic servers also made me 
> think that there may well be some traffic shaping by the ISPs at their 
> routers, but don't know if I can test this for definite somehow.
>
> I don't think that setting up QoS at the domestic servers is going to make any
> difference.  These machines are not stressed at all and off peak I can access
> them fine.  It is at peak times that things really go pear shape, hence it 
> should be a network congestion/traffic shaping issue.  I don't know if people 
> started going mad at the pre-Christmas online shopping and things have been 
> particularly bad since last Saturday, or if it is just some ISP network 
> maintenance that made my connections impossible.
>
> More about my trials and tribulations on port 22 tomorrow . . .
>   

Just to add to this, I was using the IP address too and it was very
slow.  This was also on a local network.  After adding the lines to my
host files, it was fast no matter whether I used the name or the IP
address.  I still don't understand why this matters tho.

Just a thought.

Dale

:-)  :-)  :-)


Re: [gentoo-user] ssh connections time out

2007-11-27 Thread Mick
Thank you all for your replies,

On Tuesday 27 November 2007, Chris Frederick wrote:
> Dale wrote:

> > I also ran into something like this on a local network.  I corrected
> > this by adding the remote systems to my hosts file and putting the entry
> > in the host file on the remote system.
[snip...]

> I've had this problem as well.  I've added "UseDNS no" to the
> sshd_config file and that had the same result.  I usually only had high
> latency establishing the connection though.  Once the connection was
> established and I was logged in, everything was fast again.

The problem is not with the DNS servers.  I use IP addresses to access these 
machines and when I have tried FQDNs it makes no odds.

> I've also had connection issues while transferring files through ssh,
> and I got around that (somewhat) by adding "-l" to the scp command.  This
> tries to throttle the connection speed, and I can usually keep a
> connection going with that.  I say that it somewhat fixed the issue
> because I also need to use ssh to port forward to an internal database
> and run scripts there, but there's no way that I know to do the same
> throttling with a port forwarding ssh command.

The -l option is to apply a protocol specific type of QoS and limit the 
bandwidth consumed by scp so that other critical services on the server don't 
run dry.  My problem is that I do not seem to have enough bandwidth to start 
with.

The ports of the servers are random numbers in the 200+ and 12000+ range and I 
have checked that no other applications are using/listening on these ports.  
I've not tried port 22 yet, but I'll give it a go tonight.  I tend to use 
higher random ports just to achieve some basic 'security by obscurity' from 
script kiddies and botnets.  The issue with port 22 is that the 
world-and-his-wife will try to hack in and cause DoS to the little bandwidth 
that seems to be available.  :p  Ha!  I'll deal with this at the firewall.

The datacenter servers are listening on port 22.  This difference in 
performance between the production and the domestic servers also made me 
think that there may well be some traffic shaping by the ISPs at their 
routers, but don't know if I can test this for definite somehow.

I don't think that setting up QoS at the domestic servers is going to make any 
difference.  These machines are not stressed at all and off peak I can access 
them fine.  It is at peak times that things really go pear shape, hence it 
should be a network congestion/traffic shaping issue.  I don't know if people 
started going mad at the pre-Christmas online shopping and things have been 
particularly bad since last Saturday, or if it is just some ISP network 
maintenance that made my connections impossible.

More about my trials and tribulations on port 22 tomorrow . . .
-- 
Regards,
Mick




Re: [gentoo-user] ssh connections time out

2007-11-27 Thread Chris Frederick
Dale wrote:
> 
> 
> I also ran into something like this on a local network.  I corrected
> this by adding the remote systems to my hosts file and putting the entry
> in the host file on the remote system.  I'm not sure what effect this
> had but it worked like a charm after that.  I guess it lets each other
> know who the other is or something. 
> 
> Hope that helps.
> 
> Dale
> 
> :-)  :-)  :-)  :-) 

I've had this problem as well.  I've added "UseDNS no" to the
sshd_config file and that had the same result.  I usually only had high
latency establishing the connection though.  Once the connection was
established and I was logged in, everything was fast again.

I've also had connection issues while transferring files through ssh,
and I got around that (somewhat) by adding "-l" to the scp command.  This
tries to throttle the connection speed, and I can usually keep a
connection going with that.  I say that it somewhat fixed the issue
because I also need to use ssh to port forward to an internal database
and run scripts there, but there's no way that I know to do the same
throttling with a port forwarding ssh command.

Chris




Re: [gentoo-user] ssh connections time out

2007-11-27 Thread Joost Roeleveld
> Christopher Copeland wrote:
>>
>> On 27 Nov 2007, at 10:19, Mick wrote:
>>
>>> Hi All,
>>>
>>> I have noticed this problem when I try to connect to two different
>>> machines in
>>> two different continents.  One is on cable (US) the other on ISDN ADSL
>>> (Greece).  In the evening and sometimes weekends ssh connections from
>>> my
>>> laptop to these two PCs are either taking ages or time out.  This is
>>> ssh
>>> connections to sshd which is listening to random ports in the 200+ or
>>> 12000+
>>> ranges.  If I eventually manage to connect the latency is ridiculous
>>> - up to
>>> 5 seconds!  Sometimes I enter a passwd, if I can get that far and
>>> then wait
>>> for hours with no response.  Eventually, I have to close the terminal.



>> I've run across the same kind of issues on certain ISPs when using
>> non-standard ports for sshd. Given other connections (Gtalk) are
>> working, the first thing I would try in your position is to see if
>> there is a difference when using 22 versus your random port. With
>> certain ISPs in the UK I've found SSH connections to be unusable on
>> anything but the default port. Of course it has everything to do with
>> the "smart" traffic shaping at the ISP and there was nothing I could
>> do about it.
>> --
>> Christopher
>
> I also ran into something like this on a local network.  I corrected
> this by adding the remote systems to my hosts file and putting the entry
> in the host file on the remote system.  I'm not sure what effect this
> had but it worked like a charm after that.  I guess it lets each other
> know who the other is or something.
>
> Hope that helps.
>
> Dale

Hi Dale,

Your comment might actually indicate a problem with the DNS-server
involved. Configuring the server(s) in the "hosts" file would be one
solution.

Mick, do you use IP-addresses or hostnames when you try to connect?
If you are using hostnames, can you test with IP-addresses instead?

Kind regards,

Joost Roeleveld




Re: [gentoo-user] ssh connections time out

2007-11-27 Thread Dale
Christopher Copeland wrote:
>
> On 27 Nov 2007, at 10:19, Mick wrote:
>
>> Hi All,
>>
>> I have noticed this problem when I try to connect to two different
>> machines in
>> two different continents.  One is on cable (US) the other on ISDN ADSL
>> (Greece).  In the evening and sometimes weekends ssh connections from my
>> laptop to these two PCs are either taking ages or time out.  This is ssh
>> connections to sshd which is listening to random ports in the 200+ or
>> 12000+
>> ranges.  If I eventually manage to connect the latency is ridiculous
>> - up to
>> 5 seconds!  Sometimes I enter a passwd, if I can get that far and
>> then wait
>> for hours with no response.  Eventually, I have to close the terminal.
>>
>> Tracerouting does not get through although some clever tcptraceroute
>> strings
>> may on occasions (intermittently) get through.
>>
>> Both servers run on domestic networks.  BTW, ssh-ing to servers in
>> datacenters
>> with their big fiber-optic pipes, although relatively slow in peak
>> times,
>> always gets through.
>>
>> The strange thing is that there is no problem talking to these boxen
>> while
>> they run Google-Talk, it's only the ssh connection that seems to suffer.
>>
>> Have you come across such a problem before?  How can I troubleshoot
>> it?  In
>> this day and age of broadband connections it seems strange to get worse
>> performance than on a dialup network . . .  I mean I have run VNC
>> connections
>> over a 56k dial up with more responsiveness than this!
>> -- 
>> Regards,
>> Mick
>
> I've run across the same kind of issues on certain ISPs when using
> non-standard ports for sshd. Given other connections (Gtalk) are
> working, the first thing I would try in your position is to see if
> there is a difference when using 22 versus your random port. With
> certain ISPs in the UK I've found SSH connections to be unusable on
> anything but the default port. Of course it has everything to do with
> the "smart" traffic shaping at the ISP and there was nothing I could
> do about it.
> -- 
> Christopher

I also ran into something like this on a local network.  I corrected
this by adding the remote systems to my hosts file and putting the entry
in the host file on the remote system.  I'm not sure what effect this
had but it worked like a charm after that.  I guess it lets each other
know who the other is or something. 

Hope that helps.

Dale

:-)  :-)  :-)  :-) 



Re: [gentoo-user] ssh connections time out

2007-11-27 Thread Joost Roeleveld
> Hi All,
>
> I have noticed this problem when I try to connect to two different
> machines in
> two different continents.  One is on cable (US) the other on ISDN ADSL
> (Greece).  In the evening and sometimes weekends ssh connections from my
> laptop to these two PCs are either taking ages or time out.  This is ssh
> connections to sshd which is listening to random ports in the 200+ or
> 12000+
> ranges.  If I eventually manage to connect the latency is ridiculous - up
> to
> 5 seconds!  Sometimes I enter a passwd, if I can get that far and then
> wait
> for hours with no response.  Eventually, I have to close the terminal.
>
> Tracerouting does not get through although some clever tcptraceroute
> strings
> may on occasions (intermittently) get through.
>
> Both servers run on domestic networks.  BTW, ssh-ing to servers in
> datacenters
> with their big fiber-optic pipes, although relatively slow in peak times,
> always gets through.
>
> The strange thing is that there is no problem talking to these boxen while
> they run Google-Talk, it's only the ssh connection that seems to suffer.
>
> Have you come across such a problem before?  How can I troubleshoot it?
> In
> this day and age of broadband connections it seems strange to get worse
> performance than on a dialup network . . .  I mean I have run VNC
> connections
> over a 56k dial up with more responsiveness than this!
> --
> Regards,
> Mick
>

Hi Mick,

I have noticed these problems myself as well sometimes when connecting to
a server connected to ADSL in the UK (I am currently in NL myself)

Fortunately for me, I have full access to the ADSL-router from that server
when I can connect and I found it usually coincides with connection
problems between the router and the ISP.

Can you (or someone else) check if there are any problems with this?

Another cause could be that the ISP (you did mention these are domestic
networks) is throttling/blocking certain ports/services/connection types.
I have heard of ISPs in NL and Belgium (not sure if it's true) that tend
to change these policies depending on the time of day.

This could also be done by your ISP.
Are the SSH-ports of the servers in DataCenters on 22 (default) or in the
higher 200+ and 12000+ range?

Kind regards,

Joost Roeleveld




Re: [gentoo-user] ssh connections time out

2007-11-27 Thread Christopher Copeland


On 27 Nov 2007, at 10:19, Mick wrote:

> Hi All,
>
> I have noticed this problem when I try to connect to two different machines in
> two different continents.  One is on cable (US) the other on ISDN ADSL
> (Greece).  In the evening and sometimes weekends ssh connections from my
> laptop to these two PCs are either taking ages or time out.  This is ssh
> connections to sshd which is listening to random ports in the 200+ or 12000+
> ranges.  If I eventually manage to connect the latency is ridiculous - up to
> 5 seconds!  Sometimes I enter a passwd, if I can get that far and then wait
> for hours with no response.  Eventually, I have to close the terminal.
>
> Tracerouting does not get through although some clever tcptraceroute strings
> may on occasions (intermittently) get through.
>
> Both servers run on domestic networks.  BTW, ssh-ing to servers in datacenters
> with their big fiber-optic pipes, although relatively slow in peak times,
> always gets through.
>
> The strange thing is that there is no problem talking to these boxen while
> they run Google-Talk, it's only the ssh connection that seems to suffer.
>
> Have you come across such a problem before?  How can I troubleshoot it?  In
> this day and age of broadband connections it seems strange to get worse
> performance than on a dialup network . . .  I mean I have run VNC connections
> over a 56k dial up with more responsiveness than this!
> --
> Regards,
> Mick


I've run across the same kind of issues on certain ISPs when using
non-standard ports for sshd. Given other connections (Gtalk) are working,
the first thing I would try in your position is to see if there is a  
difference when using 22 versus your random port. With certain ISPs in  
the UK I've found SSH connections to be unusable on anything but the  
default port. Of course it has everything to do with the "smart"  
traffic shaping at the ISP and there was nothing I could do about it.

--
Christopher



[gentoo-user] ssh connections time out

2007-11-27 Thread Mick
Hi All,

I have noticed this problem when I try to connect to two different machines in 
two different continents.  One is on cable (US) the other on ISDN ADSL 
(Greece).  In the evening and sometimes weekends ssh connections from my 
laptop to these two PCs are either taking ages or time out.  This is ssh 
connections to sshd which is listening to random ports in the 200+ or 12000+ 
ranges.  If I eventually manage to connect the latency is ridiculous - up to 
5 seconds!  Sometimes I enter a passwd, if I can get that far and then wait 
for hours with no response.  Eventually, I have to close the terminal.

Tracerouting does not get through although some clever tcptraceroute strings 
may on occasions (intermittently) get through.

Both servers run on domestic networks.  BTW, ssh-ing to servers in datacenters 
with their big fiber-optic pipes, although relatively slow in peak times, 
always gets through.

The strange thing is that there is no problem talking to these boxen while 
they run Google-Talk, it's only the ssh connection that seems to suffer.

Have you come across such a problem before?  How can I troubleshoot it?  In 
this day and age of broadband connections it seems strange to get worse 
performance than on a dialup network . . .  I mean I have run VNC connections 
over a 56k dial up with more responsiveness than this!
-- 
Regards,
Mick

