2

I've got a strange problem with SSH. When I try to do something that sends a lot of text over it, often it will break the connection ("connection reset by peer"). It's not every time, but often enough to be extremely annoying. I don't know where to start looking for a solution. I've tried multiple clients on different machines, same result. I'm currently using PUTTY. Also, if it's relevant, when it dies it seems to start sending back lines of data and then arbitrarily die.

Thoughts? I can post more details if you give me hints on what to post, I don't really know what else to put up here.

OpenSSH_5.5p1 Debian-4ubuntu6, OpenSSL 0.9.8o 01 Jun 2010

Thanks! ~Charlie

Charles Offenbacher
  • 145
  • 6

2 Answers2

6

That really sounds like some sort of deep-packet inspection system getting fierce about traffic it's not sure about. The idea that the far end would reset the connection when things are, by all accounts, going quite well, seems a bit odd.

My first step in diagnosing this would be to get tcpdump captures from both ends of the connection simultaneously. That'll let you correlate the packets at each end and make sure they match up. If my DPI surmise is correct, you'll have RST packets arriving that have no corresponding departure from the other end (most DPI setups will RST both ends, which will make it even more obvious). Otherwise, if one end really is tearing down the connection itself, you'll be able to see which end is making the decision to stop things, and if that's the case, then you can strace that end and get to the bottom of it that way.

womble
  • 95,029
  • 29
  • 173
  • 228
3

The other case where I've seen this happen is someone used smaller MTUs then the default MTU for the remote interface, and, then is blocking MTU discovery by blocking ICMP packets. This can happen with odd NAT setups.

In this case though it will work when you cat a small file, but, a big file will either hang or reset the connection so it's pretty easy to test.

Bruce ONeel
  • 401
  • 2
  • 1