Home / ubuntu / Questions / 305428
In Process
nanofarad
Asked: 2013-06-08 12:41:57 +0800 CST

SSH connections dropping after two or so lines

  • 772

I'm actually having a bit of an odd problem. I'm running Ubuntu Server 12.04, with a minimal set of packages: The base system, sshd, and an IRC server. I must allow someone else to configure the server to connect to their IRC network. However, they seem to be dropping after two lines of ls or cat.

Odder, this only happens on this server, and I haven't been able to reproduce it at all using PuTTY or an ssh client. Where should I look to diagnose this? auth.log shows a normal connection and authentication and does not give any details about the drop. fail2ban has no violations with the originating IP address.

This is a virtual machine with a forwarded port(it is bridge mode and has normal network connectivity). I can connect locally, across the LAN, and from a remote location with PuTTY without any problems. The other person can connect using ssh on Linux but encounters the connection dropping.

Logs from client.

Server-side logs show nothing out of the ordinary.

12.04

4 Answers

  1. Before you start, make sure that the system time at both ends are synchronized. This helps with the comparison later.

    Run tcpdump at both ends, filtered for TCP port 22. You mention that the client is using PuTTY so I assume Windows. You can get wireshark for Windows and it has a capture capability that you can use in place of tcpdump.

    Using tcpdump, you would do this with something like: tcpdump -w/tmp/ssh.pcap -s0 -ieth0 port 22. With wireshark on Windows, you can set up a capture filtered for port 22 using the GUI, and then save the capture to disk.

    Now open up both captures with wireshark. Find the point of disconnection. You should be able to see which end initiated the connection shutdown (where does a FIN or RST connection arrive from first?)

    You can also check to see if a third party host (eg. a router, or an ISP) is interfering with the connection. You'll identify this if you spot a packet arriving that was never sent from the other side, for example. If this is happening, it is likely to be an RST packet.

    • 1

  2. I've experienced weird ssh timeouts and I resolved it using the following:

    sudo sysctl -w net.ipv4.tcp_keepalive_time=50 \
 net.ipv4.tcp_keepalive_intvl=10 \
 net.ipv4.tcp_keepalive_probes=5

    Not sure if this will help, but maybe it is worth giving it a try.

    • 0

  3. Hard to tell without a better description of the problem (what does "dropping" mean? TCP teardown? TCP RST? Stalled connection?), but one possible interpretation of your description is that there could be a problem with path MTU discovery...

    SSH Frequently Asked Questions : My SSH session hangs part way through logging on, when I generate a lot of output from my shell...

    PMTU (Path MTU) Discovery

    • 0

  4. I had this exact problem connecting to an old 12.04 server from a LTS14.04 (previously upgraded from 12.04)

    I found that the problem is MTU related as after running

    sudo ip li set mtu 1480 dev eth0

    The problem goes away..... and returns when you set it back to 1500

    (assumes you are on a wired eth0 connection)

    • 0