Re: [rdiff-backup-users] SSH time out, how to remedy? [Scanned]

[Pieter Donche]

The problem is solved, but still is puzzling ... I summarize:

- I have a freebsd7.2 backup server and a freebsd7.2 target machine to be 
backed-up. They were in the same building (but is different subnets). All 
went well. - then the backup server was moved 5 km away in another subnet. 
Result: rdiff-backup, which uses SSH to login to address@hidden and 
starts there rdiff-backup in server mode to perform the backup, now got 
stuck and then: connection lost...

- the problem was SSH related (SCPing a large file on target machine via 
scp initiated on the backup server, also got 'stalled' and finally 
"connection lost", using FTP to transfer the file : no problem..

- the target machine is behind a firewall. And that firewall has a 
limitation set up for SSH, to counter Brute Force SSH attacks: if more 
than 3 SSH login requests are performed from a same machine in a minute, 
one has to wait a minute before a next request will be honoured.

This was never a problem when the backup machine was in its original 
location but arose as soon as when it was in the new location ...

Removing the limitation rule made SSH scp and rdiff-backup to work 
again ...

Very strange? what could cause that?

It also seems related to the SSH deamon itself: we did a test, with 
disconnecting the backup-server and putting a portable in place (on same 
TCP/IP settings). Using winscp in WindowsXP or unix-scp in Ubuntu on that 
portable was able to transfer a large testfile from the target machine,

So: with another SSH deamon to talk to, it worked even with the 
limitations of max. 3 SSH login requests/minute.

Has anyone any ideas to what might be going on ?


On Wed, 3 Jun 2009, Jason Spalding wrote:

> Make sure at least TCPKeepAlive is uncommented (remove the #). I've had too
> many issues with so-called "defaults" on any system to trust if they're not
> explicitly defined.
>
> Yes, they would have to be changed on the target machine - the machine that
> has the SSH *server* on it.
>
> Having said that, and in partial answer to your next question - according to
> my copy of Pro OpenSSH (a valuable resource if you start using ssh more) you
> can set these settings on the local SSH client as well, thus preventing the
> need for you to change anything on the server.
>
>
> On 3/6/09 6:30 PM, "Pieter Donche" <address@hidden> wrote:
>
> > Hi,
> > both on the backup and target machine my /etc/ssh/sshd_config has:
> > #TCPKeepAlive yes
> > #ClientAliveInterval 0
> > #ClientAliveCountMax 3
> >
> > The manual says TCPKeepAlive is default yes.
> > So I don't understand  why the connection still dies ?
> >
> > If I want to use ClientAliveInterval and ClientAliveCountMax,
> > these would have to be changed on the target machine?
> > would
> > ClientAliveInterval 15
> > ClientAliveCountMax 3
> > be a reasonable choice?
> > this would send out every 15 seconds after no data has been received
> > from the client a request of a response from the client and try that
> > 3 times?
> >
> > Is that correct?
> >
> > Can these settings for the ssh connection used by rdiff-backup been set
> > somewhere on the command line that I have in targetmachine's
> > /root/.ssh/authorized_keys2 ?
> > now it has:
> > command="rdiff-backup --server --restrict-read-only
> > /",from="<mybackupmachine>",no-port-forwarding,no-X11-forwarding,no-pty
> > ssh-rsa AA   ... vQ== backup@<mybackupmachine>
> >
> > (this would leave the 'general' settings of sshd_config intact)
> >
> >
> > On Wed, 3 Jun 2009, Jason Spalding wrote:
> >
> > > Do you have TCPKeepAlive turned on in your /etc/ssh/sshd_config (or
> > > appropriate config file)? And if so, have you toyed with the
> > > ClientAliveInterval and ClientAliveCountMax intervals? See
> > > http://www.openssh.com/faq.html#2.12 for a quick reference.
> > >
> > > On 3/6/09 4:43 PM, "Pieter Donche" <address@hidden> wrote:
> > >
> > > > If I initiate a rdiff-backup at the command line from my backup server:
> > > >
> > > > address@hidden ~]$ /usr/local/bin/rdiff-backup macos-backup::/var
> > > > /home/backup/ma
> > > > cos/var
> > > > Previous backup seems to have failed, regressing destination now.
> > > > Read from remote host macos.cmi.ua.ac.be: Connection reset by peer
> > > > Fatal Error: Lost connection to the remote system
> > > >
> > > > Seems the SSH connection gets lost..
> > > >
> > > > How can one remedy to this (rdiff-backup paramters, ssh parameters ???)