
Hi,

We have a problem with SSH key connections where the connection sometimes fails and sometimes succeeds.

Check this out (SSH in a while true loop, going to same dst from same src with same user):

-bash-3.00$ while [ 1 -eq 1 ]; do echo -n "LOCAL "; date; /opt/SSHtectia/6.2.2_A0/bin/sshg3 -vvv user001@server14 date; echo "SLEEP 3"; sleep 3; done

LOCAL Tue Feb 18 16:19:49 EST 2014

2014-02-18 16:19:51: 6200 Broker_tcp_connect, Dst: server14, Dst Port: 22, Src Port: 61289, Local username: www

2014-02-18 16:19:51: 6209 Broker_connection_connect_failed, Dst: server14, Dst Port: 22, Local username: www, Remote username: user001, Uses gateway?: No, Session-Id: 4, "Connection lost, Connection lost, local disconnect" Connection open failed; Connection lost (local): Connection lost

SLEEP 3

LOCAL Tue Feb 18 16:19:54 EST 2014

2014-02-18 16:19:54: 6200 Broker_tcp_connect, Dst: server14, Dst Port: 22, Src Port: 61292, Local username: www

2014-02-18 16:19:54: 1002 Algorithm_negotiation_success, "kex_algorithm=diffie-hellman-group1-sha1, hostkey_algorithm=ssh-dss, cipher=aes128-cbc/aes128-cbc, mac=hmac-sha1/hmac-sha1, compression=none/none", Session-Id: 6

2014-02-18 16:19:54: 6204 Broker_transport_connect, Dst: server14, Dst Port: 22, Remote username: user001, Src Port: 61292, Local username: www, Session-Id: 6

2014-02-18 16:19:54: 1003 KEX_success, Algorithm: diffie-hellman-group1-sha1, Modulus: 1024 bits, Session-Id: 6, Protocol-session-Id: 3208C682434F4A0DAE7035A60E86F7400BB581B0

You are authorized to use this System for approved business purposes only. Use for any other purpose is prohibited. All transactional records, reports, e-mail, software, and other data generated by or residing upon this System are the property of the Company and may be used by the Company for any purpose. Authorized and unauthorized activities may be monitored.

2014-02-18 16:19:54: 703 Auth_methods_available, Auth methods: publickey,keyboard-interactive, Session-Id: 6

2014-02-18 16:19:55: 1210 Key_store_sign, Key path: software://1/directory_key(/etc/opt/SSHtectia/keys/www/id_rsa_2048_a)/key_id(2), Session-Id: 6

2014-02-18 16:19:55: 6302 Broker_userauth_method_success, "publickey", Session-Id: 6

2014-02-18 16:19:55: 6208 Broker_connection_connect, Dst: server14, Dst Port: 22, Local username: www, Remote username: user001, Uses gateway?: No, Session-Id: 6

2014-02-18 16:19:55: 6004 Broker_exec_channel_open, Client: sshg3, Pid: 15849, Server Port: 0, Local username: www, Command: date, "Terminal width: 80 chars, Terminal height: 24 rows, Terminal width: 640 pixels, Terminal height: 480 pixels, Stderr type: separate, Is subsystem?: FALSE, Allocate pty?: FALSE, X11 forwarding?: retain, Agent forwarding?: retain, X11 Display Variable: (null), Agent variable: (null), Term variable: xterm", Channel Id: 7, Session-Id: 6

Tue Feb 18 16:19:55 EST 2014

SLEEP 3

As shown, that's one failed connection followed by a successful connection straight after.

Anyone got any ideas?

Thanks, Andrew

asked Feb 18 '14 at 07:44

al68835


It looks like maybe you're using version 6.2.2.

If this is the case I highly recommend you upgrade, because there were a number of performance fixes in the later versions of the Tectia software on the client/broker side.


answered Feb 18 '14 at 17:17

Joe - Tectia Support ♦♦

Unfortunately that can't be done :(

(Feb 19 '14 at 07:21) al68835

Further findings:

It only happens on port 22. What happens is, the client initiates the connection from the src server, but the dst server doesn't respond to the request; the client then gives up trying. This is what we saw from snoop.

src -> dst Syn

src -> dst Ack

src -> dst Ack

src -> dst Push Ack

src -> dst Push Ack

src -> dst Ack

src -> dst Push Ack

Then src gives up and reports "Connection lost (local)".

(Feb 19 '14 at 07:25) al68835
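
An added example, not part of the original thread and not Tectia tooling: a Python script that splits the loop output from the question into connection attempts and records, for each one, the source port and the last stage logged before it failed or succeeded, so failed attempts can be matched to packets in the snoop capture by port. It assumes a serial loop (the 6200 line carries no Session-Id, so events are grouped by order); the function names, field names and stage labels are this example's own.

```python
import re
from collections import Counter

# Constructed sample: a subset of the lines from the loop output in the question.
SAMPLE_LOG = """\
2014-02-18 16:19:51: 6200 Broker_tcp_connect, Dst: server14, Dst Port: 22, Src Port: 61289, Local username: www
2014-02-18 16:19:51: 6209 Broker_connection_connect_failed, Dst: server14, Dst Port: 22, Local username: www, Remote username: user001, Uses gateway?: No, Session-Id: 4, "Connection lost, Connection lost, local disconnect" Connection open failed; Connection lost (local): Connection lost
SLEEP 3
2014-02-18 16:19:54: 6200 Broker_tcp_connect, Dst: server14, Dst Port: 22, Src Port: 61292, Local username: www
2014-02-18 16:19:54: 1002 Algorithm_negotiation_success, "kex_algorithm=diffie-hellman-group1-sha1, hostkey_algorithm=ssh-dss, cipher=aes128-cbc/aes128-cbc, mac=hmac-sha1/hmac-sha1, compression=none/none", Session-Id: 6
2014-02-18 16:19:55: 6302 Broker_userauth_method_success, "publickey", Session-Id: 6
2014-02-18 16:19:55: 6208 Broker_connection_connect, Dst: server14, Dst Port: 22, Local username: www, Remote username: user001, Uses gateway?: No, Session-Id: 6
"""

EVENT_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (\d+) (\w+)")
SRC_PORT_RE = re.compile(r"Src Port: (\d+)")
# Event names as they appear in the log; the stage labels are this example's own.
STAGES = {"Algorithm_negotiation_success": "algorithm_negotiation",
          "Broker_userauth_method_success": "user_auth",
          "Broker_connection_connect": "connected"}

def parse_attempts(text):
    """Return one dict per attempt: start time, src port, last stage, outcome."""
    attempts, cur = [], None
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # banner text, SLEEP markers, command output
        ts, _event_id, name = m.groups()
        if name == "Broker_tcp_connect":  # 6200 opens a new attempt
            port = SRC_PORT_RE.search(line)
            cur = {"start": ts, "src_port": int(port.group(1)) if port else None,
                   "last_stage": "tcp_connect", "outcome": "incomplete"}
            attempts.append(cur)
        elif cur is not None and name == "Broker_connection_connect_failed":
            cur["outcome"] = "failed"  # 6209: keep the stage reached so far
        elif cur is not None and name in STAGES:
            cur["last_stage"] = STAGES[name]
            if name == "Broker_connection_connect":
                cur["outcome"] = "ok"
    return attempts

def summarize(attempts):
    """Count attempts per (outcome, last stage logged)."""
    return Counter((a["outcome"], a["last_stage"]) for a in attempts)

if __name__ == "__main__":
    for attempt in parse_attempts(SAMPLE_LOG):
        print(attempt)
    print(summarize(parse_attempts(SAMPLE_LOG)))
```

A failed attempt whose last stage is `tcp_connect` logged no algorithm negotiation before the 6209 event; its `src_port` is the value to filter the snoop capture on.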
Asked: Feb 18 '14 at 07:44

Seen: 4,213 times

Last updated: Feb 19 '14 at 07:25

All user contributed content licensed under the cc-by-sa license.