Starting around the end of the year, sshd is taking a LONG time to
proceed, just a bit after the few first packets.
Here:
11:25:03.624519 172.31.199.17.2058 > 172.31.199.20.22: S [tcp sum ok]
2790790408:2790790408(0) win 57344 <mss 1460,nop,wscale
0,nop,nop,timestamp 187450151 0> (DF) (ttl 64, id 17561, len 60)
11:25:03.624771 172.31.199.20.22 > 172.31.199.17.2058: S [tcp sum ok]
714515882:714515882(0) ack 2790790409 win 65535 <mss 1460,nop,wscale
1,nop,nop,timestamp 794169 187450151> (DF) (ttl 64, id 6630, len 60)
11:25:03.624825 172.31.199.17.2058 > 172.31.199.20.22: . [tcp sum ok]
1:1(0) ack 1 win 57920 <nop,nop,timestamp 187450151 794169> (DF) (ttl
64, id 17562, len 52)
11:25:03.627353 172.31.199.20.22 > 172.31.199.17.2058: P [tcp sum ok]
1:40(39) ack 1 win 33304 <nop,nop,timestamp 794174 187450151> (DF) (ttl
64, id 6631, len 91)
11:25:03.627677 172.31.199.17.2058 > 172.31.199.20.22: P [tcp sum ok]
1:40(39) ack 40 win 57920 <nop,nop,timestamp 187450151 794174> (DF) (ttl
64, id 17563, len 91)
11:25:03.631703 172.31.199.20.22 > 172.31.199.17.2058: P [tcp sum ok]
40:576(536) ack 40 win 33304 <nop,nop,timestamp 794183 187450151> (DF)
(ttl 64, id 6632, len 588)
11:25:03.631786 172.31.199.17.2058 > 172.31.199.20.22: P [tcp sum ok]
40:576(536) ack 576 win 57384 <nop,nop,timestamp 187450151 794183> (DF)
(ttl 64, id 17564, len 588)
11:25:03.731944 172.31.199.20.22 > 172.31.199.17.2058: . [tcp sum ok]
576:576(0) ack 576 win 33304 <nop,nop,timestamp 794384 187450151> (DF)
(ttl 64, id 6633, len 52)
11:25:03.731990 172.31.199.17.2058 > 172.31.199.20.22: P [tcp sum ok]
576:600(24) ack 576 win 57920 <nop,nop,timestamp 187450161 794384> (DF)
(ttl 64, id 17566, len 76)
11:25:03.740924 172.31.199.20.22 > 172.31.199.17.2058: P [tcp sum ok]
576:1000(424) ack 600 win 33304 <nop,nop,timestamp 794401 187450161>
(DF) (ttl 64, id 6634, len 476)
11:25:03.775190 172.31.199.17.2058 > 172.31.199.20.22: P [tcp sum ok]
600:1016(416) ack 1000 win 57920 <nop,nop,timestamp 187450166 794401>
(DF) (ttl 64, id 17567, len 468)
11:25:03.826489 172.31.199.20.22 > 172.31.199.17.2058: P [tcp sum ok]
1000:1928(928) ack 1016 win 33304 <nop,nop,timestamp 794572 187450166>
(DF) (ttl 64, id 6635, len 980)
11:25:03.878175 172.31.199.17.2058 > 172.31.199.20.22: P [tcp sum ok]
1016:1032(16) ack 1928 win 57920 <nop,nop,timestamp 187450176 794572>
(DF) (ttl 64, id 17570, len 68)
11:25:03.978067 172.31.199.20.22 > 172.31.199.17.2058: . [tcp sum ok]
1928:1928(0) ack 1032 win 33304 <nop,nop,timestamp 794876 187450176>
(DF) (ttl 64, id 6637, len 52)
11:25:03.978113 172.31.199.17.2058 > 172.31.199.20.22: P [tcp sum ok]
1032:1080(48) ack 1928 win 57920 <nop,nop,timestamp 187450186 794876>
(DF) (ttl 64, id 17587, len 100)
11:25:03.978519 172.31.199.20.22 > 172.31.199.17.2058: P [tcp sum ok]
1928:1976(48) ack 1080 win 33304 <nop,nop,timestamp 794876 187450186>
(DF) (ttl 64, id 6638, len 100)
11:25:03.978750 172.31.199.17.2058 > 172.31.199.20.22: P [tcp sum ok]
1080:1144(64) ack 1976 win 57920 <nop,nop,timestamp 187450186 794876>
(DF) (ttl 64, id 17588, len 116)
11:25:04.078627 172.31.199.20.22 > 172.31.199.17.2058: . [tcp sum ok]
1976:1976(0) ack 1144 win 33304 <nop,nop,timestamp 795077 187450186>
(DF) (ttl 64, id 6640, len 52)
At this point, ps alx shows:
0 6609 6387 0 4 0 4004 2072 sbwait S ?? 0:00.02
/usr/sbin/sshd
22 6610 6609 0 4 0 4076 2200 kqread S ?? 0:00.08
sshd: [net] (sshd)
and then:
0 6609 6387 0 4 0 4004 2072 sbwait I ?? 0:00.02
/usr/sbin/sshd
22 6610 6609 0 4 0 4076 2200 kqread S ?? 0:00.08
sshd: [net] (sshd)
It proceeds from there after a while.
11:26:19.030401 172.31.199.20.22 > 172.31.199.17.2058: P [tcp sum ok]
1976:2056(80) ack 1144 win 33304 <nop,nop,timestamp 944898 187450186>
(DF) (ttl 64, id 11691, len 132)
[etc]
Ok, this is 75 seconds, which is the common timeout for NS. Thing is...
1) No NS queries are made during this process.
2) Nothing changed in the environment, except updating FreeBSD.
3) My sshd is not configured to check for reverse.
Anyone has any clues?
--
Daniel C. Sobral
Gerência de Operações
Divisão de Comunicação de Dados
Coordenação de Segurança
TCO
Fones: 55-61-313-7654/Cel: 55-61-9618-0904
E-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
- Re: sshd login Daniel C. Sobral
- Re: sshd login Daniel C. Sobral
- Re: sshd login Gregory Neil Shapiro
- Re: sshd login Daniel C. Sobral
- Re: sshd login Daniel C. Sobral
- Re: sshd login Daniel C. Sobral
