I have recently updated my home system to Fedora Core 3, running the
standard FC3 openssh-server-3.9p1-7 RPM, with priv separation. I can
connect to my home system from my office desktop (Fedora Core 2,
running the FC2 openssh-3.6.1p2-34 RPM, under gnome-terminal-2.6.0-2)
and login, just fine.
The problem is that several times a day, my connection freezes.
Typically I'll be doing one of two things. Either I'll have just run
'screen -d -r' to reconnect to a disconnected Screen session, and
everything freezes after the screen is repainted with the disconnected
session, or I'll run mutt and the connection freezes while mutt is
showing me the progress report at the bottom of the screen as it scans
When the connection freezes, I am able to ssh into my home system from
a new terminal window and kill off the old connection. When I run an
strace on the unprivileged sshd process, I see that it is waiting in
Eventually, the hung ssh session reports a time out, and the
connection is lost.
My home system is connected to a Netopia Cayman 3546 ADSL Router,
which is doing straight routing of a static IP address assignment over
PPPoE. There is no NAT'ing being done on my home system's side at
all. I have my home system configured to specify an MTU of 1492 so
that there should be no issues with over-large packets failing to get
through the PPPoE link, but my client side FC2 system has its local
MTU set to 1500.
The connection freeze behavior makes me tend to think there is in fact
an MTU problem, such that either the ssh server on my home system or
the ssh client on my desktop is trying to send a packet with more than
1492 bytes and that packet is being dropped at the PPPoE link, with
repeated retransmissions similarly failing.
However, I believe that Path MTU discovery should be working properly
between the two end points. My office desktop is not firewalling ICMP
packets, my laboratory's firewall should not be firewalling ICMP
packets, the Netopia should not be doing any firewalling at all, and
my home system is not firewalling ICMP.
Also, before I updated my home system, it was running Fedora Core 2
with the MTU left to the default 1500 bytes and everything was running
fine, despite the 1492 byte limit on the PPPoE link, which implies
that PMTU discovery was working properly then.
Anyone see anything obvious to test or examine? I'm willing to set up
ethereal, but as the problem only occasionally happens, I'm hoping
that someone has some insight for me to pursue first, rather than
having to have ethereal running for an indefinite period.
Jonathan Abbey XXXX@XXXXX.COM
Applied Research Laboratories The University of Texas at Austin
GPG Key: 71767586 at keyserver pgp.mit.edu, http://www.yqcomputer.com/