LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 08-19-2019, 02:12 PM   #1
asarangan
Member
 
Registered: Jul 2009
Posts: 42

Rep: Reputation: 5
SSH Freeze


When I ssh from my office to my home (both ends running Slackware 14.2), I often get a screen freeze. I don't think this has anything to do with inactivity because it freezes most often while I am typing. The only way out is to kill the terminal and start again. The ssh rarely lasts more than 5 minutes, so it is really a big issue for me. I checked /var/messages, it shows that I logged in via publickey, but it doesn't show that it got disconnected. It could be my router that is acting weird, but I'd like to know how to narrow it down. Thanks.
 
Old 08-19-2019, 06:57 PM   #2
Keith Hedger
Senior Member
 
Registered: Jun 2010
Location: Wiltshire, UK
Distribution: Linux From Scratch, Slackware64, Partedmagic
Posts: 2,703

Rep: Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678
Can't help with the why, but as a fix so that you don't lose what yur doing, try using 'screen' that way if u get disconected u can re attach to the session u was using
 
Old 08-19-2019, 08:22 PM   #3
permaroot
Member
 
Registered: Aug 2019
Location: Arden, NC
Distribution: Manjaro, Centos7, Arch
Posts: 105

Rep: Reputation: 46
Quote:
Originally Posted by asarangan View Post
When I ssh from my office to my home (both ends running Slackware 14.2), I often get a screen freeze. I don't think this has anything to do with inactivity because it freezes most often while I am typing. The only way out is to kill the terminal and start again. The ssh rarely lasts more than 5 minutes, so it is really a big issue for me. I checked /var/messages, it shows that I logged in via publickey, but it doesn't show that it got disconnected. It could be my router that is acting weird, but I'd like to know how to narrow it down. Thanks.
Check dis

So this article seems to point out that there are settings in ssh (client side) and sshd (server side) that prevent timeout by sending null packets periodically (which I think you know already).

But apparently once a certain amount of null packets are sent, it will still time out/freeze.

You can set higher null packet limits.

Worth a try.
 
Old 08-19-2019, 11:42 PM   #4
asarangan
Member
 
Registered: Jul 2009
Posts: 42

Original Poster
Rep: Reputation: 5
Quote:
Originally Posted by asarangan View Post
When I ssh from my office to my home (both ends running Slackware 14.2), I often get a screen freeze. I don't think this has anything to do with inactivity because it freezes most often while I am typing. The only way out is to kill the terminal and start again. The ssh rarely lasts more than 5 minutes, so it is really a big issue for me. I checked /var/messages, it shows that I logged in via publickey, but it doesn't show that it got disconnected. It could be my router that is acting weird, but I'd like to know how to narrow it down. Thanks.
After I posted this, I looked at /var/log/messages more carefully and saw that an unknown IP was attempting to continuously connect to server generating "Too many authentication failures". I am not sure if that was the cause of my freezes, but I didn't know how to stop this attack either, so I changed my ssh port to something other than 22. So far that seems to have fixed my freeze problem.
 
Old 08-20-2019, 04:09 AM   #5
Keith Hedger
Senior Member
 
Registered: Jun 2010
Location: Wiltshire, UK
Distribution: Linux From Scratch, Slackware64, Partedmagic
Posts: 2,703

Rep: Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678
You should be running iptables and for pref fail2ban if u have an outward facing ssh connection
 
1 members found this post helpful.
Old 08-20-2019, 05:57 PM   #6
Skaperen
Senior Member
 
Registered: May 2009
Location: WV, USA
Distribution: Xubuntu, Slackware, Amazon Linux
Posts: 1,901
Blog Entries: 21

Rep: Reputation: 125Reputation: 125
does the office use a NAT router? do you? these routers typically assume, by default, that usage is for HTTP(S) and set a short timeout for NAT table entries. whoever runs this router should look at the documentation thoroughly to see how to configure this. don't turn them off unless it lets you do it by port number since that will cause the router to run out of memory, eventually.

you can set up a VPN that uses UDP with pinging in both directions (every few seconds is probably good enough). that might have better luck than TCP.
 
Old 08-22-2019, 03:43 AM   #7
voleg
Member
 
Registered: Oct 2013
Distribution: RedHat CentOS Fedora SuSE
Posts: 339

Rep: Reputation: 51
Try to use "ssh -C" with compression. Usually this helps me with bad network.
 
Old 08-31-2019, 06:28 AM   #8
crts
Senior Member
 
Registered: Jan 2010
Posts: 1,751

Rep: Reputation: 548Reputation: 548Reputation: 548Reputation: 548Reputation: 548Reputation: 548
Broken link

Quote:
Originally Posted by permaroot View Post
That link is broken. It navigates to
Code:
www.https.com
ironically via http protocoll. This is the content of your URL field:
Code:
http://https://unix.stackexchange.com/questions/200239/how-can-i-keep-my-ssh-sessions-from-freezing#200256
 
Old 08-31-2019, 07:31 AM   #9
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,009

Rep: Reputation: 1289Reputation: 1289Reputation: 1289Reputation: 1289Reputation: 1289Reputation: 1289Reputation: 1289Reputation: 1289Reputation: 1289
Even if you run on non-standard ports I recommend FAIL2BAN.

I once set up a honeypot running FAILTOBAN and services on normal ports on my network. I forwarded the block addresses to my gateway, thus adding protection to my entire network.
I linked in whois to get a report on the source subnets, compiled the result by country, and created a web page with a running graph of what parts of what countries were trying how hard to break in today. Overkill, but the it sure made for some fun reading.

I was so impressed with the behavior of failtoban that I installed it on the most at-risk data servers at work. We never had a successful breach.

Last edited by wpeckham; 08-31-2019 at 07:32 AM.
 
1 members found this post helpful.
Old 09-01-2019, 09:54 AM   #10
asarangan
Member
 
Registered: Jul 2009
Posts: 42

Original Poster
Rep: Reputation: 5
Quote:
Originally Posted by wpeckham View Post
Even if you run on non-standard ports I recommend FAIL2BAN.

I once set up a honeypot running FAILTOBAN and services on normal ports on my network. I forwarded the block addresses to my gateway, thus adding protection to my entire network.
I linked in whois to get a report on the source subnets, compiled the result by country, and created a web page with a running graph of what parts of what countries were trying how hard to break in today. Overkill, but the it sure made for some fun reading.

I was so impressed with the behavior of failtoban that I installed it on the most at-risk data servers at work. We never had a successful breach.
Thank you for all the responses. I did confirm that the frequent freezes were due to attacks on my server from repeated attempts to login. Once I switched ports, everything was fine. I need to look into how to secure using fail2ban.
 
Old 09-01-2019, 11:25 AM   #11
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,110
Blog Entries: 3

Rep: Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980Reputation: 1980
Quote:
Originally Posted by asarangan View Post
Thank you for all the responses. I did confirm that the frequent freezes were due to attacks on my server from repeated attempts to login. Once I switched ports, everything was fine. I need to look into how to secure using fail2ban.
In addition to fail2ban, there is also sshguard. Look at both and then decide which has the features you are looking for.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How 'freeze' SSH connection on Ubuntu 11? Pedrommone Linux - Security 7 04-08-2013 04:14 PM
vim freeze at startup when in ssh session sylye Slackware 7 04-03-2011 06:08 AM
ssh freeze after logging to the CentOS 5.4 server airekans Linux - Server 2 11-16-2010 01:55 AM
Freeze of freeze on first boot compaq v6305nr distro: fedora core 7 schezel2000 Linux - Hardware 0 10-18-2007 10:01 AM
SSH Freeze Problem nomb Linux - Server 3 04-09-2007 10:06 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 09:33 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration