Secure Shell
Question about SCP stalling over VPN Mar 09 2010 05:44PM
Matthew Case (mattcase specializedbusinesssoftware com) (2 replies)
RE: Question about SCP stalling over VPN Mar 12 2010 06:08PM
Robin, Robin (robinr muohio edu)
Matt,

To do full diagnosis, do captures at both ends:
tcpdump -w client.pcap -s0 host <IP> and port 22
## so that we don't capture unnecessary stuff, if you are at the client, the <IP> should be the server side

At server side,
tcpdump -w server.pcap -s0 host <IP> and port 22
## so that we don't capture unnecessary stuff, if you are at the server, the <IP> should be the client side

Upload the {client,server}.pcap somewhere and provide the links, that way someone might be able to take a look at it.

This is one thing you can give it a try easily:

Certain network devices I have seen have bugs dealing with TCP SACK.
CentOS 5.3 comes enabled with TCP SACK.
As root, try issuing "sysctl -w net.ipv4.tcp_sack=0", then scp to check if turning SACK off resolve your issues.

Robin

________________________________________
From: listbounce (at) securityfocus (dot) com [email concealed] [listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Matthew Case [mattcase (at) specializedbusinesssoftware (dot) com [email concealed]]
Sent: Tuesday, March 09, 2010 12:44 PM
To: secureshell (at) securityfocus (dot) com [email concealed]
Subject: Question about SCP stalling over VPN

Greetings,

I am attempting to SSH a series of relatively small files (tens of
megabytes) over a VPN connection to a remote linux server. I am able to
SSH between the servers without a problem, but when I use SCP to copy
the files I start seeing the following message more and more until
finally the copy grinds to a halt and eventually times out:

debug2: channel 0: rcvd adjust 131072
debug2: channel 0: rcvd adjust 131072
debug2: channel 0: rcvd adjust 131072
debug2: channel 0: rcvd adjust 131072

I've looked high and low and haven't really come up with anything
definitive. Someone somewhere had mentioned fiddling with MTU settings,
but I'm not really sure what that will accomplish as I am unfamiliar
with what MTU is and does. If this question has been answered
previously, I apologize ahead of time. Thanks!

I am running CentOS 5.3 with OpenSSH 4.3p2-29 on the server I am copying
the files from, and CentOS 5.4 with OpenSSH 4.3p2.36 on the server I am
copying to.
--

Matthew Case
Specialized Business Software
Software Engineer
SCJP 5 Certified
Phone: 440-542-9145
Fax: 440-542-9143

This message and any files transmitted with it may contain information that is privileged, confidential, and exempt from disclosure under applicable law. They are intended solely for the use of the intended recipient. If you are not the intended recipient, distributing, copying, disclosing, or reliance on the contents of this communication is strictly prohibited. If this has reached you in error, kindly destroy this message and notify the sender immediately. Thank you for your assistance.

We attempt to sweep harmful content (e.g. viruses) from e-mail and attachments, however we cannot guarantee their safety and can accept no liability for any resulting damage. The recipient is responsible to verify the safety of this message and any attachments before accepting them.

[ reply ]
Re: Question about SCP stalling over VPN Mar 10 2010 03:04AM
Darren Tucker (dtucker zip com au) (1 replies)
Re: Question about SCP stalling over VPN Mar 12 2010 08:41AM
John Morrison (john morrison101 googlemail com) (1 replies)
Re: Question about SCP stalling over VPN Mar 12 2010 02:13PM
Matthew Case (mattcase specializedbusinesssoftware com) (2 replies)
Re: Question about SCP stalling over VPN Mar 22 2010 05:02PM
Dennis Nezic (dennisn dennisn dyndns org) (1 replies)
Re: Question about SCP stalling over VPN Mar 24 2010 01:23AM
Dennis Nezic (dennisn dennisn dyndns org) (1 replies)
Re: Question about SCP stalling over VPN Mar 24 2010 08:10PM
Dennis Nezic (dennisn dennisn dyndns org)
RE: Question about SCP stalling over VPN Mar 12 2010 06:03PM
Paul Ryland (paul transversal com)


 

Privacy Statement
Copyright 2010, SecurityFocus