Subject: RE: sshd down randomly, back up after ~10 mins?
To: Amadeus Stevenson <amadeus.stevenson@gmail.com>
From: Olmsted, Brian <Brian.Olmsted@allstream.com>
List: netbsd-users
Date: 07/10/2005 10:15:59
You probably don't need the "keep frags" part of the rule for this
application. Weird problem.
-----Original Message-----
From: owner-ipfilter@coombs.anu.edu.au
[mailto:owner-ipfilter@coombs.anu.edu.au] On Behalf Of Amadeus Stevenson
Sent: Saturday, July 09, 2005 5:38 PM
To: NetBSD Users
Cc: ipfilter@coombs.anu.edu.au
Subject: sshd down randomly, back up after ~10 mins?
Hello,
Apologies if incorrect place to post (netbsd-help?).
I have sshd running on
NetBSD GATEWAY 2.0 NetBSD 2.0 (RALTQ) #0: Sun Feb 6 22:27:10 GMT 2005
amadeus@GATEWAY:/usr/src/sys/arch/i386/compile/RALTQ i386
with ipf rule
pass in quick on rtk0 proto tcp from any to rtk0/32 port = 22 flags S keep state keep frags
Every once in a while, in a way which I can't reproduce, my ssh
sessions lock up and I am then disconnected. I cannot reconnect via
sshd. However, httpd continues to function "normally".
If I nmap the machine remotely, it shows the sshd port as "filtered",
i.e. the sshd is not responding. Normally it is "open". httpd is open
at all times.
I changed LogLevel DEBUG in sshd_config and the following corresponds
in authlog:
Jul 9 22:12:06 GATEWAY sshd[27212]: Read error from remote host
my.ip.address: Connection timed out
Otherwise there are no entries in /var/log/messages or /var/authlog.
The pid remains the same before and after this happens, so sshd is not
restarted.
ssh comes alive again after ~5/10 minutes.
Does anyone know why this would happen?
Or better still: how can I debug more?
I have a default-block-all on the machine, but ipmon doesn't show any
blocked packets when I regain access and check.
Any ideas would be appreciated.
This didn't always seem to happen...
Amadeus