Re: [rdiff-backup-users] SSH time out, how to remedy? [Scanned]

rdiff-backup-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [rdiff-backup-users] SSH time out, how to remedy? [Scanned]

From:	Maarten Bezemer
Subject:	Re: [rdiff-backup-users] SSH time out, how to remedy? [Scanned]
Date:	Fri, 5 Jun 2009 08:34:21 +0200 (CEST)


On Thu, 4 Jun 2009, Pieter Donche wrote:

The problem is solved, but still is puzzling ... I summarize:

[..]

- the problem was SSH related (SCPing a large file on target machine via scpinitiated on the backup server, also got 'stalled' and finally "connectionlost", using FTP to transfer the file : no problem..
- the target machine is behind a firewall. And that firewall has a limitationset up for SSH, to counter Brute Force SSH attacks: if more than 3 SSH loginrequests are performed from a same machine in a minute, one has to wait aminute before a next request will be honoured.

[..]

Has anyone any ideas to what might be going on ?

At first, my guess was that regressing took longer than some routerinbetween liked, resulting in a dropped connection, since regressingdoesn't exchange data for as long as it's running (at least when notrunning very verbose).Now, with your scp test stalling, it seems that dropping the connectionbecause of not sending any data may not be your only problem here.FTP and SCP have only very limited knowledge of the underlying tcp stack,so should behave similar. However, data connections in FTP can be bothactive and passive, meaning that they can be originated at local or remoteside. What type of FTP did you test?

For now, especially since you say that tweaking the firewall settings'fix' your problem, I'd say your firewall device is screwing things up.Apparently it is either dropping existing, active connections, or it isfailing to get some packets through properly. Maybe related to MTU/MRUlimitations somewhere along the path.

Did you monitor failing sessions with tcpdump at both ends? That may be alot of data to parse through, but may be very helpful in pinpointing theproblem. Connections only time out after a lot of retransmits, and at somepoint in the network between the two hosts either the data or the ackpackets get dropped (or corrupted, or wrongly rewritten by some firewalldevice).


HTH,
Maarten

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [rdiff-backup-users] SSH time out, how to remedy? [Scanned], Pieter Donche, 2009/06/03
- Re: [rdiff-backup-users] SSH time out, how to remedy? [Scanned] (fwd), Greg Freemyer, 2009/06/03
- Re: [rdiff-backup-users] SSH time out, how to remedy? [Scanned], Pieter Donche, 2009/06/04
  - Re: [rdiff-backup-users] SSH time out, how to remedy? [Scanned], Maarten Bezemer <=
    - Re: [rdiff-backup-users] SSH time out, how to remedy? [Scanned], Pieter Donche, 2009/06/05
    - Re: [rdiff-backup-users] SSH time out, how to remedy? [Scanned], Maarten Bezemer, 2009/06/05
    - Re: [rdiff-backup-users] SSH time out, how to remedy? [Scanned], Pieter Donche, 2009/06/05

Prev by Date: Re: [rdiff-backup-users] SSH time out, how to remedy? [Scanned]
Next by Date: Re: [rdiff-backup-users] SSH time out, how to remedy? [Scanned]
Previous by thread: Re: [rdiff-backup-users] SSH time out, how to remedy? [Scanned]
Next by thread: Re: [rdiff-backup-users] SSH time out, how to remedy? [Scanned]
Index(es):
- Date
- Thread