Posted by Michael Levin, April 2, 2004, 1:46 am
Thank you for replying to my post!
I believe the server is behind a firewall. I'm sorry I'm not up on the
details here. What's this state-table timeout? I'm assuming it can cause
these pauses; if so, is there anything that can be done to help the
situation? Maybe I can talk to the sysadmin there, if I knew what I was
asking him to do...
I'm running OpenSSH 3.6.1 on Mac OSX. I scoured the OpenSSH website, and
while they say the 3.8 is out, I don't see a TAR archive for 3.8 anywhere,
and I don't see an OSX executable anywhere either. Do you by any chance know
where I can get 3.8 (hopefully executable for OS X, or if not, something
which will compile on OSX)? Currently, there's no file named ssh_config on my
system. Is this a 3.8-specific thing, or should there be one somewhere for
3.6 as well?
I tried this; when I first started SSH, it spit out a bunch of stuff
before it logged in. Then I logged in, and no special messages appeared at
all (it did the freeze thing once) - all I saw was what the server system
was saying (I worked in the shell, used Emacs, etc.). Then I logged out, and
it said a bunch of stuff as it exited. How does the vvv work if there was
a problem during the session, would it superimpose its messages on the text
coming from the server?
Thank you for your time and help.
Re: 2 SSH questions: why does it pause so much, and, can I keep connection alive?
The exact details are usually product-specific, but the basics are:
Stateful-inspection type firewalls keep track of connections running
through them in a "state table". When a packet arrives, its source IP,
destination IP, source port and destination port are checked against the
state table, and if it matches the packet is let through. If the packet
is not in the state table, the rulebase is checked and if it's permitted,
then the connection is added to the state table. When the connection
closes, it is removed from the state table.
The catch here is in some cases, (eg crashing clients, or half-open
port scans) the connection is never closed, and the table risks growing
without limit. To combat this, a timeout is enforced where any connection
that has not seen a packet within X seconds is aged out of the table.
Some systems have a mechanism whereby an active connection can be put
back in the state table (again, this is product-specific).
All versions of OpenSSH will read an ssh_config file. (There are sensible
defaults, so it can survive without it).
As for downloads:
You want "openssh-3.8p1.tar.gz". The OpenSSH team don't offer binaries
for OS X.
Yes, if there was something odd coming from the server (eg a rekey request)
then it would have appeared in a "debug" message.
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
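
The state-table behaviour described in the reply above, as a small simulation. This is an added example, not part of the original posts and not modelled on any particular firewall product: the 3600-second timeout, the 300-second keepalive interval, the addresses, and the names StateTable, run_session, demo and syn_only are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class StateTable:
    idle_timeout: float      # the post's "X seconds"; real values are product-specific
    allowed_dports: set      # stand-in rulebase: destination ports that may open connections
    syn_only: bool = True    # assumption: only a connection opener (SYN) may create state
    entries: dict = field(default_factory=dict)   # connection key -> time of last packet

    def packet(self, now, src, sport, dst, dport, syn=False, fin=False):
        """Decide 'pass' or 'drop' for one packet seen at time `now` (seconds)."""
        # Age out every connection that has been silent longer than the timeout.
        for key in [k for k, seen in self.entries.items() if now - seen > self.idle_timeout]:
            del self.entries[key]
        key = frozenset({(src, sport), (dst, dport)})   # one entry covers both directions
        if key in self.entries:
            if fin:
                del self.entries[key]    # connection closed: remove it from the table
            else:
                self.entries[key] = now  # traffic seen: restart the idle timer
            return "pass"
        # Not in the table: consult the rulebase before adding a new entry.
        if dport in self.allowed_dports and (syn or not self.syn_only):
            self.entries[key] = now
            return "pass"
        return "drop"

def run_session(table, send_times):
    """Send client-to-server packets at `send_times`; the first one is the SYN."""
    conn = ("192.0.2.10", 50000, "198.51.100.5", 22)   # constructed documentation addresses
    return [table.packet(t, *conn, syn=(i == 0)) for i, t in enumerate(send_times)]

def demo():
    idle = [0, 10, 4000]                                   # silent for over an hour
    kept = [0, 10] + list(range(310, 4000, 300)) + [4000]  # a keepalive every 300 s
    return {
        "idle": run_session(StateTable(3600, {22}), idle),
        "keepalive": run_session(StateTable(3600, {22}), kept),
        # Products that put an active connection back in the table (syn_only=False).
        "re-add": run_session(StateTable(3600, {22}, syn_only=False), idle),
    }

if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, "-> last packet:", verdicts[-1])
```

The idle session's last packet is dropped because its entry was aged out, while the session that sends periodic traffic keeps its entry alive. OpenSSH's client option ServerAliveInterval generates this kind of periodic traffic.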