sshd dies when starting gkrellm

cira ciradrak at centurylink.net
Wed Aug 30 11:50:00 AEST 2017


sshd also dies when certain other kinds of traffic is generated, such as
`man pw' using the most pager[1], and many x11 apps such as emacs.
However, it is stable when running simple x11 apps such as xeyes, and
the link its self is stable -- a terminal will stay connected without
issue for days, as long as not much happens in it.  Also a sshfs
connection dies immediately.

ssh -Y karren
gkrellm &
*sshd dies*

Cutting to the chase, the log message which seems the most important is:

Aug 23 14:45:11 karen sshd[62451]: fatal: Fssh_packet_write_poll:
Connection from 174.77.777.77 port 57670: Permission denied

However, even if I put both machines outside their respective firewalls,
opening all ports, the message is still the same.  It sounds like
something internal to the server is denying access to the high port it
wants, but other high port services work ok: irc & mosh.  And yeah, mosh
works atop of ssh, but it doesn't do everything I need, and it scrambles
keycodes going to emacs.  Even more confusing, these two machines work
fine when they're both on the same LAN, so it seems like it must be
something with the uplink to the Internet.  I also suspect the server's
uplink as the behavior was the same when I took the client to our local
university.

`sshd -ddd' doesn't add any further insights for me, only lots of PAM
diagnostics:

debug1: Setting controlling tty using TIOCSCTTY.
Fssh_packet_write_poll: Connection from 174.52.251.44 port 32812:
Permission denied
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: PAM: cleanup
debug1: PAM: closing session
debug1: PAM: deleting credentials
debug3: PAM: sshpam_thread_cleanup entering
debug1: session_pty_cleanup: session 0 release /dev/pts/23

Feedback on one of the FreeBSD forums suggested that the MTU on the
routers might be less than what the machines was using, and that
excessive fragmentation might be causing the connection to die.  The
router MTUs were 1492, and the system MTUs were 1500.  Unfortunately,
reducing the systems' MTUs to 1400 did not affect the problem but at
least I have less fragmentation now.

I've tried every config option and commandline switch that looked even
remotely related, but nothing has affected it.  -ddd -vvv -E -D and all
sorts of keepalives.  Of course, I'm hoping that someone is going to
point at one that I missed and magically make it work.  I've used ssh
for many years and never had a problem like this before.

The Server
----------
$ uname -a
FreeBSD karren.example.com 11.0-RELEASE-p9 FreeBSD 11.0-RELEASE-p9 #0:
Tue Apr 11 08:48:40 UTC 2017
root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

$ sshd -v
OpenSSH_7.2p2, OpenSSL 1.0.2k-freebsd  26 Jan 2017

The ISDN-TA is a CenturyLink ZyXEL PK5001Z


The Client
----------
$ uname -a
Linux piglet 4.10.0-32-generic #36~16.04.1-Ubuntu SMP Wed Aug 9 09:19:02
UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

$ ssh -V
OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g  1 Mar 2016

The Cable Modem is a ARRIS TG1682

Even after writing all this I'm not sure what makes sense to try next.
I could upgrade the binaries, but these are the standard shipping ones
on the distros; and no one else seems to be having this problem.  This
thing has really crimped my style for the last week of head banging
against it.  Please can someone help?

[1] The failure with `man pw' and the more pager is quasi intermittent.
Sometime the link dies before the first screen full is rendered.  Other
times you can page up and down a bit before it croaks.  The `man pw'
page is stable using the less pager.


More information about the openssh-unix-dev mailing list