ssh ports

John Boland jj.boland at gmail.com
Sat May 5 07:38:16 EDT 2007


well,

that's the annoying part...
there's nothing when i turn up the debug.  we've set up captures on the ports
and there isn't anything out of place.  in transferring a 500K file, there
might be 4 or 5 retransmits.  the capture shows the stall: packets are moving
along and then stop for a couple of minutes and just resume.  there's
nothing in dmesg or the messages files on either server.  on the target
host, there are several rx_fcs_errors during the transfer. but, that's it.
the firewall rules are set up to allow ftp, ftp-data, and ssh through and
nothing else.  that's why i was asking about another port for return
communication.

anything else to look at?

tia...


On 5/4/07, Dan Ritter <dsr at tao.merseine.nu> wrote:
>
> On Fri, May 04, 2007 at 04:21:09PM -0400, Boland, John wrote:
> > i've been setting up an ssh server behind a firewall and only allowing
> > port 22 through.
> > ssh works like a champ. however, scp and sftp give stalled messages
> > during transfers.  the files do eventually transfer but the time is a
> > little less than waiting for the next ice age!
> > it appears as though there is a back connection established for the
> > transfer after ssh is set up.
> > with ftp, i'd use the pasv command for the clients and set the max and
> > min passive ports in the ftpd config file.  is there a similar thing in
> > ssh?  if not, is there some way to know what set of ports to limit ssh to
> > use for this back connection?
>
> No, and no. SSH only uses one port pair (22 by default).
>
> Where does it stall when you up the verbosity level (-vvv)?
>
> -dsr-
>
> --
> .. .----. --   .-. . .- -.. .. -. --.   -.-- --- ..- .-.   -- .- .. .-..
> .-.-.-   .-- .... ---   . .-.. ... .   .. ... ..--..
> http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>



-- 
If it ain't broke, you're not trying hard enough!
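
Added example, not part of the original thread: a Python script that checks a `tcpdump -tt -n` text capture for the two things discussed above, whether any port pair other than the SSH one appears, and where the transfer goes idle or retransmits. The sample capture, the addresses and the 30-second stall threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -tt -n` text format (not data from the thread).
SAMPLE = """\
1178365096.10 IP 192.0.2.10.51514 > 198.51.100.20.22: Flags [P.], seq 1:1449, ack 1, win 229, length 1448
1178365096.11 IP 198.51.100.20.22 > 192.0.2.10.51514: Flags [.], ack 1449, win 501, length 0
1178365096.12 IP 192.0.2.10.51514 > 198.51.100.20.22: Flags [P.], seq 1449:2897, ack 1, win 229, length 1448
1178365216.40 IP 192.0.2.10.51514 > 198.51.100.20.22: Flags [P.], seq 1449:2897, ack 1, win 229, length 1448
1178365216.41 IP 198.51.100.20.22 > 192.0.2.10.51514: Flags [.], ack 2897, win 501, length 0
"""

LINE = re.compile(
    r"^(\d+\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[[^\]]*\],"
    r"(?: seq (\d+)(?::\d+)?,)?.* length (\d+)"
)

def analyze(text, stall_secs=30.0):
    """Return (flows, stalls, retransmits) for a tcpdump text capture."""
    flows = set()                 # direction-independent endpoint pairs
    stalls = []                   # (flow, time of last packet, idle seconds)
    retransmits = 0
    last_seen = {}                # flow -> timestamp of its previous packet
    seen_seq = defaultdict(set)   # (src, dst) -> start seqs of data segments
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue              # skip non-TCP or unparsable lines
        ts = float(m.group(1))
        src = (m.group(2), int(m.group(3)))
        dst = (m.group(4), int(m.group(5)))
        flow = frozenset((src, dst))
        flows.add(flow)
        if flow in last_seen and ts - last_seen[flow] >= stall_secs:
            stalls.append((flow, last_seen[flow], round(ts - last_seen[flow], 2)))
        last_seen[flow] = ts
        if m.group(6) and int(m.group(7)) > 0:    # data segment, not a bare ACK
            seq = int(m.group(6))
            if seq in seen_seq[(src, dst)]:       # same start seq sent again
                retransmits += 1
            seen_seq[(src, dst)].add(seq)
    return flows, stalls, retransmits

if __name__ == "__main__":
    flows, stalls, retransmits = analyze(SAMPLE)
    print("port pairs seen:", [sorted(f) for f in flows])
    print("stalls:", [(start, gap) for _, start, gap in stalls])
    print("retransmitted data segments:", retransmits)
```

More than one entry in the port-pair list would mean traffic outside the single SSH connection; a single entry with long idle gaps points at the path rather than at a second connection being blocked.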
