I encounter a strange problem with scp / sftp:

I travel quite a bit. Normally I have never had any problems using ssh / scp / sftp to connect from my laptop to my computer at home / in the office. Currently (for the next 6 months, too long to ignore it) I'll stay in a place where scp / sftp seem to fail, while as usual I have no problems establishing an interactive ssh connection to these remote computers.

Recently, I did not change any configuration, either on my laptop or on the remote computers I want to connect to. In particular, I also double-checked that

  http://www.openssh.org/faq.html#2.9

does not apply, i.e.,

  $ ssh myhost /bin/true

does not give any spurious output.

More specifically, I also tried scp -v together with sshd -d on the server side. The client hangs after issuing

  debug1: Sending command: scp -v -t ~/foo

At this stage, the server says

  debug1: server_input_channel_open: confirm session

The complete output of scp -v and sshd -d is attached below.

My problem appears to be similar to

  http://lists.mindrot.org/pipermail/openssh-unix-dev/2008-March/026276.html

The only difference might be that the guy of the previous thread stayed (and suffered) in his hotel not very long, so that apparently his case was never resolved properly.

I cannot ignore this problem for the next six months. So any help will be appreciated!

___________________________________________________________
Heard already? WEB.DE has built a brilliant phishing filter into the toolbar!
http://produkte.web.de/go/toolbar

Does this list not like plain text attachments? Well, here is my email once more with debug output included directly.

----------------------------------------------------------

I encounter a strange problem with scp / sftp:

I travel quite a bit. Normally I have never had any problems using ssh / scp / sftp to connect from my laptop to my computer at home / at work. Currently (for the next 6 months, too long to ignore it) I'll stay in a place where scp / sftp seem to fail, while as usual I have no problems establishing an interactive ssh connection to these remote computers.

Recently, I did not change any configuration, either on my laptop or on the remote computers I want to connect to. In particular, I also double-checked that

  http://www.openssh.org/faq.html#2.9

does not apply, i.e.,

  $ ssh myhost /bin/true

does not give any spurious output.

More specifically, I also tried scp -v together with sshd -d on the server side. The client hangs after issuing

  debug1: Sending command: scp -v -t ~/foo

At this stage, the server says

  debug1: server_input_channel_open: confirm session

The complete output of scp -v and sshd -d is attached below.

My problem appears to be similar to

  http://lists.mindrot.org/pipermail/openssh-unix-dev/2008-March/026276.html

The only difference might be that the guy of the previous thread stayed (and suffered) in his hotel not very long, so that apparently his case was never resolved properly.

I cannot ignore this problem for the next six months. So any help will be appreciated!

$ scp -v scratch phorminx@foo.bar.com:~/foo
Executing: program /usr/bin/ssh host foo.bar.com, user phorminx, command scp -v -t ~/foo
OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to foo.bar.com [123.456.78.901] port 22.
debug1: Connection established.
debug1: identity file /home/phorminx/.ssh/identity type -1
debug1: identity file /home/phorminx/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1024
debug1: identity file /home/phorminx/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7p1 Debian-8ubuntu3
debug1: match: OpenSSH_4.7p1 Debian-8ubuntu3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'foo.bar.com' is known and matches the RSA host key.
debug1: Found key in /home/phorminx/.ssh/known_hosts:13
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/phorminx/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LC_COLLATE = C
debug1: Sending env LANG = en_US.ISO-8859-15
debug1: Sending env LC_TIME = en_GB.utf8
debug1: Sending command: scp -v -t ~/foo
^Cdebug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: Killed by signal 2.

# /usr/sbin/sshd -d
debug1: sshd version OpenSSH_4.7p1 Debian-8ubuntu3
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 98.765.432.10 port 46213
debug1: Client protocol version 2.0; client software version OpenSSH_5.3p1 Debian-3ubuntu7
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu3
debug1: permanently_set_uid: 112/65534
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user phorminx service ssh-connection method none
debug1: attempt 0 failures 0
debug1: userauth-request for user phorminx service ssh-connection method publickey
debug1: attempt 1 failures 1
debug1: test whether pkalg/pkblob are acceptable
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1024
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/phorminx/.ssh/authorized_keys
debug1: matching key found: file /home/phorminx/.ssh/authorized_keys, line 3
Found matching RSA key:
debug1: restore_uid: 0/0
Postponed publickey for phorminx from 98.765.432.10 port 46213 ssh2
debug1: userauth-request for user phorminx service ssh-connection method publickey
debug1: attempt 2 failures 1
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1024
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/phorminx/.ssh/authorized_keys
debug1: matching key found: file /home/phorminx/.ssh/authorized_keys, line 3
Found matching RSA key: a5:d8:80:5e:f5:83:c5:eb:d0:38:13:d8:d4:87:de:cd
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
Accepted publickey for phorminx from 98.765.432.10 port 46213 ssh2
debug1: monitor_child_preauth: phorminx has been authenticated by privileged process
debug1: permanently_set_uid: 1000/1000
debug1: SELinux support disabled
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: do_cleanup

On Sun, Sep 4, 2011 at 1:43 AM, <phorminx at web.de> wrote:
> I encounter a strange problem with scp / sftp:
>
> I travel quite a bit. Normally I never have had any problems using
> ssh / scp / sftp to connect from my laptop to my computer at home /
> in the office. Currently (for the next 6 months, too long to ignore it)
> I'll stay in a place where scp / sftp seem to fail,

Sounds like an MTU/fragmentation problem. See http://www.snailbook.com/faq/mtu-mismatch.auto.html for some suggestions.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Thanks for the quick reply. Unfortunately, reducing the MTU on the client and server side to 576 (default was 1500) did not solve my problem.

I assume that the MTU suggested there (the value 576) is a reasonable value that _should_ be small enough to avoid the fragmentation problem. Well, I could reduce this number further. Yet I do not want to experiment with yet smaller values till I reach the point where I cannot reach the server at all anymore. Then I would be really stuck!

Any thoughts or ideas? Thanks a lot!

I could add another strange observation: I like GNU emacs. This comes with TRAMP, the `Transparent Remote (file) Access, Multiple Protocol'. When I establish a TRAMP/ssh connection to the remote server, I can transfer big files just fine. Unfortunately, I do not know more details about how TRAMP is doing this internally. All I can say is that my TRAMP session uses the so-called `scpc' method, which combines ssh with scp by reusing an existing `ssh' channel via the ssh `ControlMaster' option. So it does something like (taken from the TRAMP debug output)

  scp -p -q -r -o ControlPath=/home/phorminx/emacs/scratch/tramp.4900PZy.%r@%h:%p -o ControlMaster=auto phorminx@foo.bar.com:/home/phorminx/foo.txt /home/phorminx/emacs/scratch/tramp.49009EH.txt

(I have attached the server debug output from such a session. I could also provide the complete TRAMP debug output. Yet this might be more difficult to digest for you as it uses emacs/TRAMP's internal format.)

The main reason I mention this here is that if the MTU value was the real problem, I expect it should affect the TRAMP/ssh connection, too.

# /usr/sbin/sshd -d
debug1: sshd version OpenSSH_4.7p1 Debian-8ubuntu3
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 98.765.432.10 port 51539
debug1: Client protocol version 2.0; client software version OpenSSH_5.3p1 Debian-3ubuntu7
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu3
debug1: permanently_set_uid: 112/65534
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user phorminx service ssh-connection method none
debug1: attempt 0 failures 0
debug1: userauth-request for user phorminx service ssh-connection method publickey
debug1: attempt 1 failures 1
debug1: test whether pkalg/pkblob are acceptable
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/phorminx/.ssh/authorized_keys
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/phorminx/.ssh/authorized_keys2
debug1: restore_uid: 0/0
Failed publickey for phorminx from 98.765.432.10 port 51539 ssh2
debug1: userauth-request for user phorminx service ssh-connection method publickey
debug1: attempt 2 failures 2
debug1: test whether pkalg/pkblob are acceptable
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1024
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/phorminx/.ssh/authorized_keys
debug1: matching key found: file /home/phorminx/.ssh/authorized_keys, line 3
Found matching RSA key: a5:d8:80:5e:f5:83:c5:eb:d0:38:13:d8:d4:87:de:cd
debug1: restore_uid: 0/0
Postponed publickey for phorminx from 98.765.432.10 port 51539 ssh2
debug1: userauth-request for user phorminx service ssh-connection method publickey
debug1: attempt 3 failures 2
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1024
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/phorminx/.ssh/authorized_keys
debug1: matching key found: file /home/phorminx/.ssh/authorized_keys, line 3
Found matching RSA key: a5:d8:80:5e:f5:83:c5:eb:d0:38:13:d8:d4:87:de:cd
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
Accepted publickey for phorminx from 98.765.432.10 port 51539 ssh2
debug1: monitor_child_preauth: phorminx has been authenticated by privileged process
debug1: permanently_set_uid: 1000/1000
debug1: SELinux support disabled
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: init
debug1: session_new: session 0
debug1: SELinux support disabled
debug1: session_pty_req: session 0 alloc /dev/pts/2
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: Setting controlling tty using TIOCSCTTY.
debug1: session_by_tty: session 0 tty /dev/pts/2
debug1: registered uid=1000 on tty='/dev/pts/2' with ConsoleKit
debug1: server_input_channel_open: ctype session rchan 1 win 2097152 max 32768
debug1: input_session_request
debug1: channel 1: new [server-session]
debug1: session_new: session 1
debug1: session_open: channel 1
debug1: session_open: session 1: link with channel 1
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 1 request env reply 0
debug1: session_by_channel: session 1 channel 1
debug1: session_input_channel_req: session 1 req env
debug1: server_input_channel_req: channel 1 request env reply 0
debug1: session_by_channel: session 1 channel 1
debug1: session_input_channel_req: session 1 req env
debug1: server_input_channel_req: channel 1 request env reply 0
debug1: session_by_channel: session 1 channel 1
debug1: session_input_channel_req: session 1 req env
debug1: server_input_channel_req: channel 1 request exec reply 1
debug1: session_by_channel: session 1 channel 1
debug1: session_input_channel_req: session 1 req exec
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 23086
debug1: session_exit_message: session 1 channel 1 pid 23086
debug1: session_exit_message: release channel 1
debug1: session_by_channel: session 1 channel 1
debug1: session_close_by_channel: channel 1 child 0
debug1: session_close: session 1 pid 0
debug1: channel 1: free: server-session, nchannels 2
Received disconnect from 98.765.432.10: 11: disconnected by user
debug1: do_cleanup
debug1: do_cleanup
debug1: session_pty_cleanup: session 0 release /dev/pts/2
debug1: unregistering ConsoleKit session f3021f11585cab6e6e7cce3849403e97-1315120728.670360-1872441218

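The two `sshd -d` traces in this thread differ at one point: in the failing one the server confirms the session channel and then logs no `server_input_channel_req` at all, while the TRAMP trace shows requests arriving on both channels. The following is an added example, not part of the thread, that extracts this per-channel progress from `sshd -d` output; the function name is hypothetical and the two sample traces are abridged here from the logs above.

```python
import re

# One alternation so events are consumed in the order sshd logged them.
EVENT_RE = re.compile(
    r"(?P<auth>Accepted \S+ for \S+ from)"
    r"|server_input_channel_open: ctype session rchan \d+ win (?P<win>\d+) max (?P<max>\d+)"
    r"|channel (?P<new>\d+): new \[server-session\]"
    r"|server_input_channel_open: (?P<confirm>confirm) session"
    r"|server_input_channel_req: channel (?P<req_ch>\d+) request (?P<req>\S+)"
    r"|session_exit_message: session \d+ channel (?P<exit_ch>\d+) pid"
)
STARTS_COMMAND = {"exec", "shell", "subsystem"}


def analyze_sshd_debug(text):
    """Summarise how far each session channel got in `sshd -d` output.

    Matching runs over the whole text, so entries that an archive has run
    together on one line are handled too.
    """
    chans, authenticated, pending, current = {}, False, None, None
    for m in EVENT_RE.finditer(text):
        g = m.groupdict()
        if g["auth"]:
            authenticated = True
        elif g["win"]:
            # Window and max packet size the client offered for the next channel.
            pending = (int(g["win"]), int(g["max"]))
        elif g["new"] is not None and pending:
            current = int(g["new"])
            chans[current] = {"window": pending[0], "max_packet": pending[1],
                              "confirmed": False, "requests": [], "exited": False}
            pending = None
        elif g["confirm"] and current in chans:
            chans[current]["confirmed"] = True
        elif g["req"] and int(g["req_ch"]) in chans:
            chans[int(g["req_ch"])]["requests"].append(g["req"])
        elif g["exit_ch"] is not None and int(g["exit_ch"]) in chans:
            chans[int(g["exit_ch"])]["exited"] = True
    # Stalled: the server confirmed the channel, but no request that starts
    # a command ever arrived on it.
    stalled = [c for c, ch in sorted(chans.items())
               if ch["confirmed"] and not STARTS_COMMAND & set(ch["requests"])]
    return {"authenticated": authenticated, "channels": chans, "stalled": stalled}


# Abridged from the failing scp trace in this thread.
FAILING_TRACE = """\
Accepted publickey for phorminx from 98.765.432.10 port 46213 ssh2
debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
debug1: channel 0: new [server-session]
debug1: server_input_channel_open: confirm session
debug1: do_cleanup
"""
# Abridged from the TRAMP trace, entries run together as in the archive.
WORKING_TRACE = (
    "Accepted publickey for phorminx from 98.765.432.10 port 51539 ssh2 "
    "debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384 "
    "debug1: channel 0: new [server-session] "
    "debug1: server_input_channel_open: confirm session "
    "debug1: server_input_channel_req: channel 0 request pty-req reply 1 "
    "debug1: server_input_channel_req: channel 0 request shell reply 1 "
    "debug1: server_input_channel_open: ctype session rchan 1 win 2097152 max 32768 "
    "debug1: channel 1: new [server-session] "
    "debug1: server_input_channel_open: confirm session "
    "debug1: server_input_channel_req: channel 1 request exec reply 1 "
    "debug1: session_exit_message: session 1 channel 1 pid 23086"
)

if __name__ == "__main__":
    print(analyze_sshd_debug(FAILING_TRACE)["stalled"])
    print(analyze_sshd_debug(WORKING_TRACE)["stalled"])
```
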
> Thanks for the quick reply. Unfortunately, reducing the MTU on the
> client and server side to 576 (default was 1500) did not solve my
> problem.

Is there possibly anything else I can do to address this problem?

I can add that by now I have checked that the problem exists only at the place where I'll spend most of my time the next couple of months. When I take my laptop elsewhere, scp works fine.

So I am yet more confident that the problem is not caused by a change of configuration of one or both computers between which I want to establish an scp connection. But it appears to be caused by the interplay between scp and the internet access provided by the place where I stay. (And the ssh connection established by rsync also fails -- which is too bad for my normal work!)

Any help is greatly appreciated!

> We had a similar case caused by a firewall which worked poorly
> with the change of the TCP window.

Were you ever able to solve this problem while this firewall was in place? Your email sounds as if the problem went away only when you got a new firewall. Oh well...

> oh, great idea! a misconfigured stateful firewall can screw up TCP
> window scaling. You can test this by disabling window scaling on
> either end (exactly how is platform dependent, on Linux it's usually
> "sysctl net.ipv4.tcp_adv_win_scale=0"

Thanks! Actually, if I understand the tcp man page correctly, it should be net.ipv4.tcp_window_scaling, and sysctl requires `-w'. Anyway, unfortunately this does not work for me :-(

I am certainly not an expert for such things. Nonetheless, what really irritates me about this is that I can use ssh in certain ways to transfer arbitrary amounts of data without any problems. Only some other ways that I'd prefer to use are failing.

> I travel quite a bit. Normally I never have had any problems using
> ssh / scp / sftp to connect from my laptop to my computer at home
> / in the office. Currently (for the next 6 months, too long to
> ignore it) I'll stay in a place where scp / sftp seem to fail,
> while as usual I have no problems to establish an interactive ssh
> connection to these remote computers.

Hello,

I thought I'd suffer for 6 months from this failing scp connection (probably due to a misconfigured firewall or something similar beyond my control). Yet somehow the internet connection of the place where I stay got reconfigured from scratch. Among other things that changed, this also made my scp problems go away -- whatever they were.