Hung ssh client connection
Darren Tucker
dtucker at zip.com.au
Wed Aug 3 12:55:20 EST 2005
Damien Mascord wrote:
> We have a netscreen 5gt-plus, running ScreenOS 5.0.2, which has an ssh
> daemon running.
[...]
> If I restart the firewall using the command 'reset', I get a message
> that the firewall is resetting, which is good.
[...]
> What could be the cause of this connection 'hanging' ? Is it on the SSH
> client, the SSH server not closing the connection correctly upon reset ?
> Or could it be something in the TCP OS layer ?
When you "reset" your firewall, it flushes its state table, right? If
so then that would probably include the SSH TCP connection too.
One place this might show up is in "netstat" on the client: if there's a
constant value in the "Send-Q" column for the ssh connection to your
firewall then that's almost certainly what's happening.
> If it is expected behaviour, I apologize, though would like to
> understand why this is happening on a technical level.
If connections *to* the firewall (as opposed to *through* it) are
subject to the firewall rules and unless it has the capability to
re-learn established connections then it's the behaviour I would expect.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev mailing list
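The netstat check suggested in the reply above, as an added example that is not part of the original message: it compares several `netstat -tn` snapshots and reports SSH connections whose Send-Q is non-zero and identical in every one. The sample output, the addresses and the Linux net-tools column layout are assumptions made for the example.

```python
# Constructed samples of Linux `netstat -tn` output taken a few seconds apart.
# Addresses are documentation-range placeholders, not values from the thread.
SNAPSHOTS = [
    """Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0     48 192.0.2.10:51514        192.0.2.1:22            ESTABLISHED
tcp        0      0 192.0.2.10:40022        198.51.100.7:22         ESTABLISHED
""",
    """Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0     48 192.0.2.10:51514        192.0.2.1:22            ESTABLISHED
tcp        0     36 192.0.2.10:40022        198.51.100.7:22         ESTABLISHED
""",
    """Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0     48 192.0.2.10:51514        192.0.2.1:22            ESTABLISHED
tcp        0      0 192.0.2.10:40022        198.51.100.7:22         ESTABLISHED
""",
]


def parse_netstat(text):
    """Return {(local, foreign): send_q} for ESTABLISHED TCP rows."""
    conns = {}
    for line in text.splitlines():
        f = line.split()
        # Data rows have six fields: Proto Recv-Q Send-Q Local Foreign State
        if len(f) == 6 and f[0].startswith("tcp") and f[5] == "ESTABLISHED":
            conns[(f[3], f[4])] = int(f[2])
    return conns


def stuck_connections(snapshots, port=22):
    """List (local, foreign, send_q) whose Send-Q is non-zero and constant."""
    parsed = [parse_netstat(s) for s in snapshots]
    if len(parsed) < 2:
        return []  # one sample cannot show that the queue is not draining
    stuck = []
    for (local, foreign), send_q in parsed[0].items():
        if send_q == 0 or not foreign.endswith(f":{port}"):
            continue
        # A missing key (connection closed) also breaks the streak.
        if all(p.get((local, foreign)) == send_q for p in parsed[1:]):
            stuck.append((local, foreign, send_q))
    return stuck


if __name__ == "__main__":
    for local, foreign, q in stuck_connections(SNAPSHOTS):
        print(f"{local} -> {foreign}: Send-Q stuck at {q} bytes")
```

A busy but healthy session can show the same Send-Q value in two samples by chance, so more snapshots over a longer interval give a more reliable result.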