ssh from 012 cable to server in US fail

ssh from 012 cable to server in US fail

sara fink sara.fink at gmail.com
Tue Apr 28 13:30:58 IDT 2009 

Please follow these steps:

1. I will highly suggest to launch wireshark when you try to ssh. If you see
a RST, I won't be surprised at all.  You may see a RST that comes from your
ip. Don't be surprised.

2.  You must understand the following thing: they have clients rank A and
clients rank D. from the farm it is possible to ssh (client rank A). from
work/home directly you are client rank D. Take in consideration that you ssh
to usa. you waste their bandwidth.

3. try to ssh to the usa server from other server that doesn't use 012.

4. try to ssh to a server in israel and compare.

5. Try to run the following command tcptraceroute -v <the ip you want> 22
and see where it gets stuck (timing).

6. I smell a Deep Packet Inspection. I will be very happy to be proved
wrong.


On Tue, Apr 28, 2009 at 12:37 PM, Rami Addady <rami at active.co.il> wrote:

> Hi,
>
>
>  Can you provide the server logs? (The connected site)
>>
>
> There are no new entry in /var/log/secure
>
>
>  ou can also try and run it with '-v' to add verbosity there too.
>>
>
>
> The -v output can be found in my first post
>
>
> Thank,
>
>
> Rami
>
>
>
> Noam Meltzer wrote:
>
>  Can you provide the server logs? (The connected site)
>> It can easily shed light on the subject.
>> On RHEL the log file in interest is /var/log/secure.
>>
>> - Noam
>>
>> On Tue, Apr 28, 2009 at 11:10 AM, Rami Addady <rami at active.co.il <mailto:
>> rami at active.co.il>> wrote:
>>
>>    Hi,
>>
>>
>>    I have weird problem , staring this morning I can't ssh to a
>>    server in US,  from some computers that connect to the Internet
>>    using 012 cabels.
>>
>>    But if I'm ssh to server in 012 farm and then from it to the US
>>    server is work fine!
>>
>>    I called 012 technical support but they didn't  help me.
>>
>>
>>    It's not a FW issue because the ssh session start.
>>
>>    When I try to ssh it start and after some time fail , here is
>>    debug session.
>>
>>
>>    ssh -v -l user 111.111.111.111
>>
>>
>>    OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
>>
>>    debug1: Reading configuration data /etc/ssh/ssh_config
>>    debug1: Applying options for *
>>    debug1: Connecting to ... port 22.
>>    debug1: Connection established.
>>    debug1: identity file /home/user/.ssh/identity type -1
>>    debug1: identity file /home/user/.ssh/id_rsa type -1
>>    debug1: identity file /home/user/.ssh/id_dsa type -1
>>    debug1: Remote protocol version 2.0, remote software version
>>    OpenSSH_4.3
>>    debug1: match: OpenSSH_4.3 pat OpenSSH*
>>    debug1: Enabling compatibility mode for protocol 2.0
>>    debug1: Local version string SSH-2.0-OpenSSH_3.9p1
>>    debug1: SSH2_MSG_KEXINIT sent
>>    debug1: SSH2_MSG_KEXINIT received
>>    debug1: kex: server->client aes128-cbc hmac-md5 none
>>    debug1: kex: client->server aes128-cbc hmac-md5 none
>>    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>>    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>>
>>    ... after few minutes...
>>
>>    Connection closed by 111.111.111.111
>>
>>
>>    Any idea what wrong
>>
>>
>>    Rami
>>
>>
>>
>>    _______________________________________________
>>    Linux-il mailing list
>>    Linux-il at cs.huji.ac.il <mailto:Linux-il at cs.huji.ac.il>
>>    http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>>
>>
> _______________________________________________
> Linux-il mailing list
> Linux-il at cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20090428/d585d6e3/attachment-0001.html>

More information about the Linux-il mailing list