Re: Do I have an ssh problem?



Jonathan Underwood wrote:
On 11/09/2007, Les <hlhowell@xxxxxxxxxxx> wrote:

I had the same problem on FC6. I asked lots of questions got lots of
advice leading to iptables in the firewall being part of the problem.
Finally I turned off the firewall, and things worked ok. I am now
slowly going through the iptables and playing with combinations, to see
what in there is mucking up the transfers. But it seems related to
several things affecting different bits of the process.
I can't isolate it well yet.

If you have a separate firewall isolating you from the net threats as I
do, then you can pretty safely turn off the machine's firewall and see if
it helps.


I have had problems with scp of large files between two boxes each
behind a firewall - the scp would stall after a few kb (the machine
wouldn't crash though). Turns out that one of the firewalls was
somehow causing many packets to be out of the TCP window.

doing an

echo 1 > /proc/sys/netfilter/nf_conntrack_tcp_be_liberal

fixed that for me. To make it persistent across reboots you need to
add this line to /etc/sysctl.conf

net.netfilter.nf_conntrack_tcp_be_liberal = 1

Now I have to go read exactly what that is supposed to do.

Another thing you might want to turn off is tcp window scaling - read
about that here:

http://lwn.net/Articles/92727/

However, I would not have expected any of these things to cause a box to hang.

Now there I have never seen a problem, and I have boxen from RH8, RH9, FC1, FC[4567] running, all with advanced window scaling set to 5 (and on, obviously). In particular, my FC4 laptop may run wireless or plugged in, so speeds are quite different. I did transfer some DVD images FC7 to FC4 with no issue. What does it say that I find a 4GB xfer easier than walking up three flights of stairs and back?

I have transferred cpio data of ~1GB,
find images -type f -mnewer lastsync | cpio -o -Hcrc |
ssh foo "cd images && cpio -idm"
and that worked, all using large windows.

FWIW I also do NFS using 9k jumbo packets and GigE between FC1 and FC6, and I moved ~700GB doing that. That points away from a network volume issue in FC7. The NFS uses TCP not UDP for reasons not related to hanging.

Final thought, I use blowfish encryption, but a fail in ssh/sshd wouldn't stop a system in any case.

--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
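The conntrack tweak Jonathan describes above, worked through as an added example (not code from the thread or from Fedora): read the runtime value, total the "invalid" counter that conntrack increments when it rejects out-of-window segments (a counter that climbs during a stalled scp confirms the diagnosis), and write the sysctl.conf line idempotently. Assumptions: /proc/net/stat/nf_conntrack has a header row followed by one hex row per CPU, and the file paths are parameters so the functions can be tried on the constructed sample. Note that with be_liberal=1 conntrack no longer marks out-of-window segments INVALID, so a rule dropping `--ctstate INVALID` stops catching them; that is the trade-off being made.

```shell
#!/bin/sh
# Added example: diagnose and persist nf_conntrack_tcp_be_liberal.
SYSCTL_KEY="net.netfilter.nf_conntrack_tcp_be_liberal"

# Runtime value (0 = strict window tracking, 1 = liberal); "unknown" if the file is absent.
be_liberal_state() {
  f="${1:-/proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal}"
  [ -r "$f" ] && cat "$f" || echo unknown
}

# Sum the per-CPU "invalid" counters (hex) by locating the column from the header row.
conntrack_invalid_total() {
  f="${1:-/proc/net/stat/nf_conntrack}"
  [ -r "$f" ] || { echo 0; return; }
  awk 'function hex(s, i, c, v) { v = 0; s = tolower(s)
         for (i = 1; i <= length(s); i++) { c = index("0123456789abcdef", substr(s, i, 1)); v = v * 16 + c - 1 }
         return v }
       NR == 1 { for (i = 1; i <= NF; i++) if ($i == "invalid") col = i; next }
       col && NF >= col { sum += hex($col) }
       END { printf "%d\n", sum + 0 }' "$f"
}

# Write "key = value" into a sysctl.conf-style file exactly once, replacing any existing line for the key.
persist_sysctl() {
  conf="$1"; key="$2"; val="$3"
  [ -f "$conf" ] || : > "$conf"
  awk -v k="$key" -F= '{ s = $1; gsub(/^[ \t]+|[ \t]+$/, "", s); if (s != k) print }' "$conf" > "$conf.tmp"
  printf '%s = %s\n' "$key" "$val" >> "$conf.tmp"
  mv "$conf.tmp" "$conf"
}

# Constructed sample of /proc/net/stat/nf_conntrack (two CPUs, invalid = 0x1a + 0x05 = 31).
write_sample_stat() {
  cat > "$1" <<'EOF'
entries  searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete search_restart
00000042  00000000 00000123 00000000 0000001a 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000042  00000000 00000077 00000000 00000005 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
EOF
}
```

On a live box, run `conntrack_invalid_total` before and after a stalled transfer with the default paths; only if it grows does the sysctl change address the cause rather than mask it.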


