Thank you all for your replies,

On Tuesday 27 November 2007, Chris Frederick wrote:
> Dale wrote:

> > I also ran into something like this on a local network. I corrected
> > this by adding the remote systems to my hosts file and putting the entry
> > in the host file on the remote system.
[snip...]
|
> I've had this problem as well. I've added "UseDNS no" to the
> sshd_config file and that had the same result. I usually only had high
> latency establishing the connection though. Once the connection was
> established and I was logged in, everything was fast again.
|
The problem is not with the DNS servers. I use IP addresses to access these
machines and when I have tried FQDNs it makes no odds.

> I've also had connection issues while transferring files through ssh,
> and I got around that (somewhat) by adding "-l" to the scp command. This
> tries to throttle the connection speed, and I can usually keep a
> connection going with that. I say that it somewhat fixed the issue
> because I also need to use ssh to port forward to an internal database
> and run scripts there, but there's no way that I know to do the same
> throttling with a port forwarding ssh command.

The -l option is to apply a protocol-specific type of QoS and limit the
bandwidth consumed by scp so that other critical services on the server don't
run dry. My problem is that I do not seem to have enough bandwidth to start
with.

The ports of the servers are random numbers in the 200+ and 12000+ range and I
have checked that no other applications are using/listening on these ports.
I've not tried port 22 yet, but I'll give it a go tonight. I tend to use
higher random ports just to achieve some basic 'security by obscurity' from
script kiddies and botnets. The issue with port 22 is that the
world-and-his-wife will try to hack in and cause DoS to the little bandwidth
that seems to be available. :p Ha! I'll deal with this at the firewall.

The datacenter servers are listening on port 22. This difference in
performance between the production and the domestic servers also made me
think that there may well be some traffic shaping by the ISPs at their
routers, but don't know if I can test this for definite somehow.

I don't think that setting up QoS at the domestic servers is going to make any
difference. These machines are not stressed at all and off peak I can access
them fine. It is at peak times that things really go pear-shaped, hence it
should be a network congestion/traffic shaping issue. I don't know if people
started going mad at the pre-Christmas online shopping and things have been
particularly bad since last Saturday, or if it is just some ISP network
maintenance that made my connections impossible.

More about my trials and tribulations on port 22 tomorrow . . .
--
Regards,
Mick