Date: Wed, 17 Apr 2002 00:35:00 +0200
From: Erik Trulsson <ertr1013@student.uu.se>
To: "Michael W. Collette" <metrol@metrol.net>
Cc: FreeBSD Mailing Lists <freebsd-security@FreeBSD.org>
Subject: Re: SSH Connection Time Problems
Message-ID: <20020416223500.GA465@student.uu.se>
In-Reply-To: <200204161523.37293.metrol@metrol.net>
References: <200204161523.37293.metrol@metrol.net>

On Tue, Apr 16, 2002 at 03:23:37PM -0700, Michael W. Collette wrote:

[This should probably have gone to -questions instead.]

> Recently I have had some problems with getting an SSH connection from my
> FreeBSD 4.5-Stable box to my web hosting company's servers, also running
> FreeBSD. It takes over a minute to establish a connection, which is really
> mucking up the tunnelling of services I have going to them.

Two possibilities come to mind: DNS or ident.

> Initially I was thinking that something changed on the web host, as I was able
> to make http and pop3 connections to them without delay. Upon writing them
> about this they suggested that the problem was with network latency. Didn't make
> much sense to me, as latency shouldn't be protocol specific. Even still, I
> contacted my ISP about this.

Probably not DNS then.

>
> The tech at my ISP didn't have any delay getting a connection to the web host.
> He then set me up with a shell account on a RedHat box they were running
> their hosting on. I was able to get an SSH connection directly to them
> without delay.
>
> I'm running IPFW here, so I added a pass everything rule to cancel it out. No
> difference.

Try adding the following rule to your IPFW rule set.

    ipfw add reset tcp from any to me 113

Normally when you try to connect with ssh, the ssh daemon at the other end
tries to connect to port 113 (auth) on your machine to see who you are.
If nothing is listening on that port it will eventually continue anyway.
The 'reset' rule I gave above will immediately return a 'nobody listening
here' message to the other end instead of just dropping the packet and
thus forcing the other to wait for a timeout (which takes about a minute.)

--
<Insert your favourite quote here.>
Erik Trulsson
ertr1013@student.uu.se
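
An added example, not part of the original message: a small Python check that shows, from the connecting side, whether port 113 on a host answers with an immediate refusal (what the `reset` rule above produces) or silently drops the SYN and forces a wait. The function names, verdict labels and the 5-second default timeout are assumptions of this example.

```python
import socket
import sys
import time

IDENT_PORT = 113  # auth/ident port that the remote sshd calls back to


def classify_port(host, port=IDENT_PORT, timeout=5.0):
    """Make one TCP connect attempt and return (verdict, elapsed_seconds).

    'open'    - something accepted the connection (an ident daemon listens)
    'reset'   - refused at once: a RST came back, as with an ipfw 'reset' rule
    'dropped' - nothing came back before `timeout`: the SYN was discarded
    'error'   - some other failure (no route, address not usable, ...)
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "open"
    except ConnectionRefusedError:
        verdict = "reset"
    except socket.timeout:
        verdict = "dropped"
    except OSError:
        verdict = "error"
    finally:
        sock.close()
    return verdict, time.monotonic() - start


def explain(verdict):
    """Map a verdict to its effect on a server that performs ident lookups."""
    return {
        "open": "ident answered; the lookup completes without delay",
        "reset": "refused immediately; the server moves on without waiting",
        "dropped": "no reply; the server waits for its own connect timeout",
        "error": "could not test; check routing and the address used",
    }[verdict]


if __name__ == "__main__":
    # Run this from a machine outside the firewall, against the client's address.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    verdict, secs = classify_port(target)
    print(f"{target}:{IDENT_PORT} -> {verdict} after {secs:.2f}s: {explain(verdict)}")
```

A `dropped` verdict before the rule is added and a `reset` verdict afterwards confirms that the firewall was the source of the delay.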