
"ssh example.com" hangs but "ssh example.com bash -i" does not

Tags: ssh, login, netcat

Every day I encounter a very strange phenomenon.

From my university internet connection, sshing to my machine ("ssh example.com") works without any problems.

From my home ADSL, when I run "ssh example.com", my console gets stuck with this message:

debug1: Server accepts key: pkalg ssh-rsa blen 533
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.

Sometimes it might let me in but in most of the cases not. The funny thing is that if I execute "ssh example.com bash -i" I get logged in immediately.

Asterios asked Feb 11 '10 21:02


3 Answers

I finally found the source of the problem. It has to do with SSH type of service (ToS) TCP packets.

When you ask for a regular ssh terminal, ssh sets the TCP packet type of service (ToS) to "interactive". My router in my residence blocks those packet types!

Using netcat, the tunneled TCP packets get no type of service directives. Thus, if you tunnel all your ssh traffic through netcat, you reset the ToS of the TCP packets to the default ones.

In .ssh/config, you have to set:

Host *.example.com
    ProxyCommand nc %h %p

So, each time you try to ssh to example.com, netcat will be called and will tunnel the packets.

Asterios answered Nov 23 '22 19:11
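
One way to check the diagnosis in the answer above before changing the ssh config, as an added example that is not part of the original answers: it opens TCP connections with the ToS byte set to different values and reports which ones still receive the server banner. Treating "interactive" as IPTOS_LOWDELAY (0x10), the function names and the loopback stand-in server are assumptions of this example.

```python
import socket
import threading

# Standard ToS constants from <netinet/ip.h>: IPTOS_LOWDELAY and IPTOS_THROUGHPUT.
# Assumption: "interactive" in the answer means lowdelay; 0x00 is the unmarked default.
TOS_VALUES = {"default": 0x00, "lowdelay": 0x10, "throughput": 0x08}

def probe(host, port, tos, timeout=5.0):
    """Connect with IP_TOS=tos; return (tos_applied, banner), banner None on failure."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_TOS, tos)  # set before connect so the SYN is marked
    applied = s.getsockopt(socket.IPPROTO_IP, socket.IP_TOS)
    try:
        s.connect((host, port))
        banner = s.recv(255).decode("ascii", "replace").strip()
        return applied, banner or None
    except OSError:  # includes timeouts: what a path dropping this marking looks like
        return applied, None
    finally:
        s.close()

def survey(host, port, timeout=5.0):
    """Probe every marking; map each name to True if a banner came back."""
    return {name: probe(host, port, tos, timeout)[1] is not None
            for name, tos in TOS_VALUES.items()}

def start_fake_sshd():
    """Constructed stand-in for an SSH server on loopback: sends a banner, then closes."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            conn.sendall(b"SSH-2.0-constructed_example\r\n")
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = start_fake_sshd()
    print(survey("127.0.0.1", port))  # loopback carries every marking
```

Against a real host, a result where "default" is True and "lowdelay" is False points at a device on the path dropping marked packets. A pass only covers packets marked by the client; packets the server marks on its side are not exercised.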


As of OpenSSH 5.7, you can just add this to your ssh config file (either ~/.ssh/config or /etc/ssh/ssh_config):

Host *
  IPQoS 0x00

This is a more-direct way to work around the problem Asterios identified.

Joe answered Nov 23 '22 17:11


I've just had the same problem. Try logging in with a different ssh client for more information. Whereas the Linux command-line client didn't come back with any useful message, PuTTY came back with "server refused to allocate pty". I fixed it with mkdir /dev/pts and mount -a. How it got that mucked up in the first place I'm less sure about.

BTW, bash -l should act like a login shell so you should be able to prove Peter Westlake's suggestion correct or incorrect in your case fairly easily.

Richard Wheeldon answered Nov 23 '22 18:11