| 1 |
Thank you all for your replies, |
| 2 |
|
| 3 |
On Tuesday 27 November 2007, Chris Frederick wrote: |
| 4 |
> Dale wrote: |
| 5 |
|
| 6 |
> > I also ran into something like this on a local network. I corrected |
| 7 |
> > this by adding the remote systems to my hosts file and putting the entry |
| 8 |
> > in the host file on the remote system. |
| 9 |
[ship...] |
| 10 |
|
| 11 |
> I've had this problem as well. I've added "UseDNS no" to the |
| 12 |
> sshd_config file and that had the same result. I usually only had high |
| 13 |
> latency establishing the connection though. Once the connection was |
| 14 |
> established and I was logged in, everything was fast again. |
| 15 |
|
| 16 |
The problem is not with the DNS servers. I use IP addresses to access these |
| 17 |
machines and when I have tried FQDNs it makes no odds. |
| 18 |
|
| 19 |
> I've also had connection issues while transferring files through ssh, |
| 20 |
> and I got around that (somewhat) by added "-l" to the scp command. This |
| 21 |
> tries to throttle the connection speed, and I can usually keep a |
| 22 |
> connection going with that. I say that is somewhat fixed the issue |
| 23 |
> because I also need to use ssh to port forward to an internal database |
| 24 |
> and run scripts there, but there's no way that I know to do the same |
| 25 |
> throttling with a port forwarding ssh command. |
| 26 |
|
| 27 |
The -l option is to apply a protocol specific type of QoS and limit the |
| 28 |
bandwidth consumed by scp so that other critical services on the server don't |
| 29 |
run dry. My problem is that I do not seem to have enough bandwidth to start |
| 30 |
with. |
| 31 |
|
| 32 |
The ports of the servers are random numbers in the 200+ and 12000+ range and I |
| 33 |
have checked that no other applications are using/listening on these ports. |
| 34 |
I've not tried port 22 yet, but I'll give it a go tonight. I tend to use |
| 35 |
higher random ports just to achieve some basic 'security by obscurity' from |
| 36 |
script kiddies and botnets. The issue with port 22 is that the |
| 37 |
world-and-his-wife will try to hack in and cause DoS to the little bandwidth |
| 38 |
that seems to be available. :p Ha! I'll deal with this at the firewall. |
| 39 |
|
| 40 |
The datacenter servers are listening on port 22. This difference in |
| 41 |
performance between the production and the domestic servers also made me |
| 42 |
think that there may well be some traffic shaping by the ISPs at their |
| 43 |
routers, but don't know if I can test this for definite somehow. |
| 44 |
|
| 45 |
I don't think that setting up QoS at the domestic servers is going to make any |
| 46 |
difference. These machines are not stressed at all and off peak I can access |
| 47 |
them fine. It is at peak times that things really go pear shape, hence it |
| 48 |
should be a network congestion/traffic shaping issue. I don't know if people |
| 49 |
started going mad at the pre-Christmas online shopping and things have been |
| 50 |
particularly bad since last Saturday, or if it is just some ISP network |
| 51 |
maintenance that made my connections impossible. |
| 52 |
|
| 53 |
More about my trials and tribulations on port 22 tomorrow . . . |
| 54 |
-- |
| 55 |
Regards, |
| 56 |
Mick |
Archives