Topic "Timeout with OpenSSH through firewall - putty ok - with workaround"

Author Message
pmorch

Guest


Hi,

It seems WinSCP does not respond to OpenSSHv2 server's keepalives.

I had an OpenSSHv2 server set up with ClientAliveInterval 60, which was just short enough that it required WinSCP to answer because the server's 60 second keepalive got triggered just before WinSCP's minimum keepalive of 1 minute. And WinSCP didn't respond to the servers keepalive packet properly, it seems, so the server terminated the connection (after 6 minutes of inactivity, in my case).

The workaround was to change the server configuration to ClientAliveInterval 120 so that WinSCP's null-packet timeout got there in time, so the server's timeout mechanism is never used. Of course that requires root access on the remote server...

Putty, which WinSCP is based on, reponds correctly to the server's keepalive packets, it seems...

Sincerely,

Peter

Details:

I'm connecting through NAT and a firewall. The NAT in the firewall (that I can't change) kills TCP sockets if they aren't used, so this had been set in OpenSSH's sshd_config (on a server outside the firewall):

KeepAlive yes
ClientAliveInterval 60
ClientAliveCountMax 6

Now the server sends a keepalive every 60 secs, and the client is supposed to respond.

Putty does this but WinSCP does not. After 6 minutes, if I try to do anything, e.g. change directory, I get this error message:

Quote:
Server sent disconnect message
type 2 (SSH_DISCONNECT_PROTOCOL_ERROR):
"Timeout, your session not responding."


I've looked with SnifferPRO and with Ethereal, and of course it isn't possible to decode SSH, but the following happens every 60 seconds:

The server sends a 122 byte TCP packet from port 22 to the client port. (Keepalive)

Putty responds shortly after with a 90 byte packet (containing 36 bytes of data) and the server responds shortly after that with a 60 byte packet. (Just an ACK?) Putty keeps the connection open indefinitely.

WinSCP, on the other hand, reponds to the servers packet with a 60 byte packet with no data. (Just an ACK?) after 6 minutes, the server sends a packet with the FIN set and then the first time I try to do anything with the GUI, I get the quoted error message above.

For both WinSCP and Putty, I start with a new session enter host and username, and only change the SSH version to "2 only". I also tried the "Use scp2 with scp1 compat." setting and that had the same behavior.

I've also tried with OpenSSH's ssh client and that works fine too. (Haven't traced it though.)

Siffer traces and what the dialog box looks like can be found here for at least a week or two:
<invalid link removed>
(For debugging and tracing, I changed sshd settings to
ClientAliveInterval 10
ClientAliveCountMax 3
)

After that, I tried to change the server settings to
KeepAlive yes
ClientAliveInterval 120
ClientAliveCountMax 3
and check WinSCP's "Sending of null packets to keep session alive" and set "Minutes between keepalives" to 1 (winscp_longerServerTimeout.cap). That worked. Now the session is kept up indefinitely.

Software versions:

Clients:
WinSCP: version: 2.2.0 (Build 122)
Putty: 0.53 (no "b")
OS: Windows XP

Server:
OpenSSH_3.4p1
RedHat 8.0
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
Thanks for your information. One additional question: Which version of Putty are you using?
_________________
Martin Prikryl
Guest




prikryl wrote:
Thanks for your information.


Same problem with winSCP 3.1 on Windows 2000 Pro, with ssh server on OpenBSD 3.3. Putty and ssh in cygwin works, though. I'll try the workaround, and hopefully the problem disappears.

Otherwise, WinSCP looks quite nice.

Sigfred
Guest




I have the same problem with WinSCP 3.6.1. Server Keep-alives are on. I can do uploads and downloads as long as no server keep-alive packet arrives. My sshd keep-alive setting is 10 seconds. It's very annoying to reconnect after just 10 seconds.

Can you please solve this problem ? PuTTY (0.54) and PSCP work fine !


Greetz
Thomas (thosi@bluewin.ch)
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
Quote:
I have the same problem with WinSCP 3.6.1. Server Keep-alives are on. I can do uploads and downloads as long as no server keep-alive packet arrives. My sshd keep-alive setting is 10 seconds. It's very annoying to reconnect after just 10 seconds.

I'll check it. What is your server?
_________________
Martin Prikryl
niobos

Guest


any news on this?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
I believe that this was fixed in 3.7.2, wasn't it?
Quote:
WinSCP now detects dropped connection immediatelly. It also responds to server keepalive requests immediately (keepalive@openssh.com).

_________________
Martin Prikryl
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License