behaviour of ssh/scp over flakey links - timeout/retry?

carl at bl.echidna.id.au carl at bl.echidna.id.au
Thu Dec 13 13:20:49 EST 2001 

> From: "Dan Kaminsky" <dan at doxpara.com>
> 
> Carl:
> 
>     I've honestly never had the best of luck with scp.  In my experience,
> command forwarding the tar command is the fastest, most cross-platform(even
> on Windows, using the Cygwin OpenSSH daemon) method of moving files.
> 
>     Try this:
> 
>     # For unpacked files on the backup host
>     alicehost$  ssh alice at bobhost "tar -cf - /path" | tar -xf -
>     # To get the tarball itself
>     alicehost$  ssh alice at bobhost "tar -cf - /path" > /path/bobhost.tar
>     # Slight variant -- send a tarball somewhere else
>     bobhost$  tar -cf - /path | ssh bob at alicehost "cat > /path/bobhost.tar"
> 
>     Now, that being said, it sounds like the real problem is that the TCP
> session dies on occasion.

Yep, the connection is to a few IDS probes that are behind flakey 
switches and overloaded LANs.  We get a lot of dropped sessions.

>  There are a couple solutions to this, some of
> which I'm still working on:
> 
>     1) Use a transfer system that can handle incremental(and thus resumable)
> updates.  Rsync comes to mind.  Make sure Keepalives are enabled("ssh -o
> KeepAlive Yes", or modify your /etc/ssh.conf) so timeouts will happen
> quicker, then have your script go back and rsync again if rsync returns an
> error code.  (It won't upon a successful syncing.)  Do something like:
> 
>     alicehost$  rsync -e "ssh -o KeepAlive yes" alice at bobhost:/path
> /path/bobhost/
>     or
>     bobhost$  rysnc -e "ssh -o KeepAlive yes" /path
> bob at alicehost:/path/bobhost

Ok, I like that option.

>     2) Add a TCP Reliability Layer.  ROCKS, available at
> http://www.cs.wisc.edu/~zandy/rocks/ ,handles links that are...ah..."less
> than stable".  Quoting the description:  "Rock-enabled programs continue to
> run after any of these events; their broken connections recover
> automatically, without loss of in-flight data, when connectivity returns.
> Rocks work transparently with most applications, including SSH clients,
> X-windows applications, and network service daemons."  You'll almost
> certainly need to disable SSH keepalives for this to work, but the
> reliability layer will almost certainly handle even extended network
> outages.
> 
>     I haven't tested ROCKS at *all*, but I'll be doing so shortly.

Interesting.

>     You might find yourself missing, well, the status updates that you get
> with scp.  cpipe, available at http://wsd.iitb.fhg.de/~kir/cpipehome/ , is a
> nice general purpose tool for monitoring the speed of a pipe.

No, don't care.  Just want the copy to complete, or tell me it didn't.

>     Lemme know if any of this helps; I'm working on stuff related to this
> right now.

It sure does, thankyou.

Carl

More information about the openssh-unix-dev mailing list