SSH connections dropping after two or so lines

12.04 networking server sshd
7,402

Before you start, make sure that the system time at both ends are synchronized. This helps with the comparison later.

Run tcpdump at both ends, filtered for TCP port 22. You mention that the client is using PuTTY so I assume Windows. You can get wireshark for Windows and it has a capture capability that you can use in place of tcpdump.

Using tcpdump, you would do this with something like: tcpdump -w/tmp/ssh.pcap -s0 -ieth0 port 22. With wireshark on Windows, you can set up a capture filtered for port 22 using the GUI, and then save the capture to disk.

Now open up both captures with wireshark. Find the point of disconnection. You should be able to see which end initiated the connection shutdown (where does a FIN or RST connection arrive from first?)

You can also check to see if a third party host (eg. a router, or an ISP) is interfering with the connection. You'll identify this if you spot a packet arriving that was never sent from the other side, for example. If this is happening, it is likely to be an RST packet.

Share:
7,402
nanofarad
Author by

nanofarad

Updated on September 18, 2022

Comments

  • nanofarad
    nanofarad over 1 year

    I'm actually having a bit of an odd problem. I'm running Ubuntu Server 12.04, with a minimal set of packages: The base system, sshd, and an IRC server. I must allow someone else to configure the server to connect to their IRC network. However, they seem to be dropping after two lines of ls or cat.

    Odder, this only happens on this server, and I haven't been able to reproduce it at all using PuTTY or an ssh client. Where should I look to diagnose this? auth.log shows a normal connection and authentication and does not give any details about the drop. fail2ban has no violations with the originating IP address.

    This is a virtual machine with a forwarded port(it is bridge mode and has normal network connectivity). I can connect locally, across the LAN, and from a remote location with PuTTY without any problems. The other person can connect using ssh on Linux but encounters the connection dropping.

    Logs from client.

    Server-side logs show nothing out of the ordinary.

    • Admin
      Admin almost 11 years
      Try connecting with the -vvv option ssh -vvv user@server
    • Admin
      Admin almost 11 years
      @bodhi.zazen and other commenters: I'm working with someone else that's having this issue so I'll respond as soon as I know.
    • Admin
      Admin almost 11 years
      -vvv appears to show normal output, and it drops without warning or complaint.
    • Admin
      Admin almost 11 years
      Is "someone else" connecting from the Internet? Are YOU connecting from the Internet or from LAN? Can you describe or even draw a diagram of your network? Is this server a virtual machine?
    • Admin
      Admin almost 11 years
      @EricCarvalho Updated. I pass through the NAT from an otherwise untrusted external address just fine.
    • Admin
      Admin almost 11 years
      Can you obtain their client logs? The ones attached just show a normal exit - or is that actually the error case?
    • Admin
      Admin almost 11 years
      @IlluminAce Those ARE the client logs when the issue comes up.
    • Admin
      Admin almost 11 years
      Weird! I'd start ruling out pieces with things like ssh -F /dev/null user@host to rule out the client's /etc/ssh/ssh_config and .ssh/config... and also ssh -t user@host bash --noprofile --norc to rule out something happening in /etc/profile,~/.bash_profile,~/.bashrc, etc. If the latter works, I'd run "bash" within the profile-less bash to get a normal bash and see if that exits unexpectedly.
    • Admin
      Admin almost 11 years
      As bizarre as it sounds, this kind of looks like someone decided ircd shouldn't be allowed to log in but couldn't figure out the right way to prevent it, and so they set up a cron job to kill all of that user's processes every 2 seconds instead. However, when I try this, I can only get my bash to print Killed or Hangup instead of exit. Maybe there's something odd in the packaging of whatever IRC daemon you're running?
    • Admin
      Admin almost 11 years
      @Paul There is no such cronjob. I can log into that account remotely without the issue so it must lie in the other person's client.
    • Admin
      Admin almost 11 years
      @Paul That command also does not give any data and stops immediately.
  • nanofarad
    nanofarad almost 11 years
    On the server? Or the client?
  • nanofarad
    nanofarad almost 11 years
    If you look at the logs I've linked, you can see that the "dropping" happens in software where the client reports a normal soft disconnection. This has nothing to do with a hard socket failure as far as I can tell.
  • Steven K
    Steven K almost 11 years
    ... but, those logs include the client issuing the "exit" command, at which point the correct behavior is for the connection to drop...?
  • nanofarad
    nanofarad almost 11 years
    Exactly. The exit command is never issued by either endpoint's user or the server's configuration, so I'm trying to diagnose why the client is doing this.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Making websites visible to outside networks with Ubuntu Server 12.04
DNS configuration problem with BIND9
Bonding + Bridge : traffic passing through the wrong interface
Hardcoded static IP assignment for eth1
Ubuntu Server wont recognize ethernet
Ethernet card not detected on Ubuntu Server 12.04
Ubuntu 12.04 Server ping gateway responds with destination host unreachable
Server error (-5 - No address associated with hostname)
Host two separate web servers on the same IP
Extremely slow network transfers in one direction