Solved Change in SSH with 11.0-RELEASE

  • Thread starter Deleted member 9563
  • Start date
D

Deleted member 9563

Guest
I recently updated from 10.1-RELEASE to 11.0-RELEASE (fresh install) and after a few days everything seems to be good. Except SSH. I have a tunnel to my mail server which has been pretty solid for several years. Now I get this every few hours:

Code:
Fssh_packet_write_wait: Connection to xxx.xxx.xxx.xxx port 22: Broken pipe

Can someone suggest what is different in 11.0 that would cause this to start happening?
 
what is different in 11.0
From https://www.freebsd.org/releases/11.0R/relnotes.html
SSHv1 support has been removed from OpenSSH. [r303716]
Support for DSA is disabled by default in OpenSSH. [r303719]

2. Important Notes

This section lists important information for those upgrading from prior FreeBSD releases.
2.1. User-facing Changes

As of r303719, OpenSSH DSA key generation has been disabled by default. It is important to update OpenSSH keys prior to upgrading. Additionally, Protocol 1 support has been removed.
 
I don't have an answer to your question, but running sshd with the -d option could be helpful. Also
Code:
Host *
ServerAliveInterval 120
in ~/.ssh/config on the client side might prevent the problem.
 
Thanks getopt I didn't do that. In the kerfuffle of all the stuff that needed doing I completely forgot about that. I just deleted the key to the mail server and we'll see if that does the trick with the new one.

There was another problem which got solved with a new key as well. Logging into another local computer with ssh was giving a delay of a few seconds. With a new key it is instant again.

Thanks jrm@ I looked at that. It does seem to be useful. The connection needs to be up 24/7 though.
 
OJ, the ServerAliveInterval is an interval (in seconds) for the client to send a null packet to the server to keep the connection alive (hopefully indefinitely).
 
OJ, the ServerAliveInterval is an interval (in seconds) for the client to send a null packet to the server to keep the connection alive (hopefully indefinitely).

Oh I see. OK, well it might be an excellent idea for this situation then. Thanks!
 
I just wanted to wait and see if the problem was actually solved. It is. Updating keys did the job. However I added the ServerAliveInterval as well because I think it might solve the other situation of connection dropping once a month or so - not that I'm very concerned about that, but better is better. :)
 
Back
Top