Post 9ozEDFXbwtvicaoiG0 by trini@society.oftrolls.com
(DIR) Post #9ozDHys3FxL2Pg4OcC by codesections@fosstodon.org
2019-11-15T12:43:42Z
0 likes, 0 repeats
I'm running into a minor SSH issue that makes me think I'm missing something very obvious. When I SSH from my into my home server and lose the connection (e.g., put my laptop to sleep) I frequently cannot connect to the server again on the same port—it's as though the port is still tied up/"busy" with the non-broken connection. My current work-around is reconnecting the modem. This works, but is super inelegant. Am I missing something basic here/any tips on avoiding this issue?
(DIR) Post #9ozDYNlqRleoGvzIdU by FiXato@mastodon.social
2019-11-15T12:46:38Z
0 likes, 0 repeats
@codesections tried connecting with `ssh -v` (or an increasing amount of v's) to more verbosity in the output to help debug it?
(DIR) Post #9ozE3fpTM7GzFybad6 by ayo@niu.moe
2019-11-15T12:52:27Z
0 likes, 0 repeats
@codesections Never had that happen to me before. Do you have a limit on the number of concurrent SSH sessions, i.e. can you normally open multiple ssh sessions? I could imagine such a limiter would not register an unclean disconnect.
(DIR) Post #9ozE46p2znyYyTc8DQ by artlogic@mastodon.social
2019-11-15T12:52:22Z
0 likes, 0 repeats
@codesections my suspicion is that your router's port forwarding is broken. You might test this by forwarding several ports to SSH on your home server.
(DIR) Post #9ozEDFXbwtvicaoiG0 by trini@society.oftrolls.com
2019-11-15T12:53:59Z
0 likes, 0 repeats
@codesections Do you have some rate limit or other firewall rules around ssh? FWIW, the general case of "I moved along with my device, new IP" is why I use mosh+ssh auth rather than ssh.
(DIR) Post #9ozEaFVSFDVdAqm7sG by vbatts@fosstodon.org
2019-11-15T12:58:14Z
0 likes, 0 repeats
@codesections the server ought not have port 22 bound to a single ingress connection. 🤔
(DIR) Post #9ozEdGUt17AP7EwoS0 by codesections@fosstodon.org
2019-11-15T12:58:46Z
0 likes, 0 repeats
@FiXato > tried connecting with `ssh -v` (or an increasing amount of v's) to more verbosity in the output to help debug it? Yeah, but got nothing useful: `ssh: connect to host <IP_ADDR> port <PORT>: Connection refused`
(DIR) Post #9ozEnWKF1SYH6OrI9o by AvnSgt@fosstodon.org
2019-11-15T13:00:36Z
0 likes, 0 repeats
@codesections Are you using a TMUX set up or a standard terminal session?
(DIR) Post #9ozF6Dn2A5Ez7KF9Rg by fink@chaos.social
2019-11-15T13:03:56Z
0 likes, 0 repeats
@codesections @FiXato refused is something active, try mtr with tcp/22/report
(DIR) Post #9ozFbDdwkxzTdim27c by penguin42@mastodon.org.uk
2019-11-15T13:09:42Z
0 likes, 0 repeats
@codesections is there still an ssh process on your client? Ssh will try and share the existing TCP connection if it thinks it already has one open; before you reconnect do a PS and kill off any stragglers. If that's the problem you might try the ServerAlive options which send keepalive packets and should kill it off if dead.
(DIR) Post #9ozFpwmLjyCVgAj8TY by gcupc@glitch.social
2019-11-15T12:54:50Z
0 likes, 0 repeats
@artlogic @codesections Yes, I think this is the best bet. If you can't replace or fix your router, a workaround would be to use mosh. It's a secure shell over UDP, and it handles disconnects, reconnects, and client roaming. It's possible your router could mess that up, too, of course.
(DIR) Post #9ozFpxutVgd7CxjTQu by hugot@mastodon.nl
2019-11-15T13:03:59Z
0 likes, 0 repeats
@gcupc @artlogic @codesections If that's the case, an SSH tunnel to a vps with TCP keepalive enabled or a vpn like wireguard could work too.
(DIR) Post #9ozFpzFqXGz3MEXijI by codesections@fosstodon.org
2019-11-15T13:12:13Z
0 likes, 0 repeats
@hugot @gcupc @artlogic > my suspicion is that your router's port forwarding is broken. Yeah, that's my guess too, especially given that I have a somewhat…bad home network setup. Specifically, I have an AT&T modem/router that I don't trust and use only as a router, forwarding all connections to a router running #openWRT. I tried opening multiple ports on the modem, which didn't solve the issue. Maybe I should try opening ports on the real router?
(DIR) Post #9ozG2PFRiaBTRyHH0a by schoentoon@mastodon.schoentoon.com
2019-11-15T13:14:27Z
0 likes, 0 repeats
@codesections Sounds odd, have you tried enabling multiplexing as a workaround? As that would only use 1 connection for multiple sessions. https://blog.scottlowe.org/2015/12/11/using-ssh-multiplexing/
(DIR) Post #9ozHoVQS9YsWSnvRqq by codesections@fosstodon.org
2019-11-15T13:34:31Z
0 likes, 0 repeats
@penguin42 > Ssh will try and share the existing TCP connection if it thinks it already has one open; before you reconnect do a PS and kill off any stragglers. This diagnosis of the problem is clear, logical, and presents a nice solution. Unfortunately, after a bit of testing, it's not the case. Oh well, would have been nice
(DIR) Post #9ozKpvdKUzZxthJoBM by penguin42@mastodon.org.uk
2019-11-15T14:08:24Z
0 likes, 0 repeats
@codesections bah! Hmm you could try telnetting to the port to see if you can even get a TCP connection,
(DIR) Post #9ozLDroIMg7KzRrWIy by artlogic@mastodon.social
2019-11-15T14:12:38Z
0 likes, 0 repeats
@codesections @hugot @gcupc can you put the at&t device into bridge mode?
(DIR) Post #9ozMDDUeMUfnu5vXoO by neildarlow@fosstodon.org
2019-11-15T14:23:42Z
0 likes, 0 repeats
@codesections Do you have anything like Fail2Ban monitoring your SSH service?
(DIR) Post #9ozo4S0vnoJL36dQfY by hugot@mastodon.nl
2019-11-15T19:35:50Z
0 likes, 0 repeats
@codesections @gcupc @artlogic You mean more than just the one you're using for SSH? Honestly I doubt that the problem is in the #openWRT router, but maybe you can test this by hooking another pc up to its WAN port. Assign static IPs to the pc and the router on a new subnet so you have a little "external" network and try to ssh in from there. If that works well you'll know the modem is the culprit.
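
Added example, not part of any post in this thread: a small probe that performs the raw TCP check suggested above (the telnet test) and separates "Connection refused" (an active RST) from a silent drop and from a listener that answers with an SSH banner. The function names, the loopback stand-in for sshd and its banner are constructed for illustration.

```python
import socket
import threading

def probe_ssh_port(host, port, timeout=3.0):
    """Classify one TCP connection attempt; returns (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A RST came back: the host or a forwarding device rejected the SYN.
        return ("refused", "active rejection (RST)")
    except socket.timeout:
        # Nothing came back at all: the SYN was dropped somewhere on the path.
        return ("filtered", "no reply within %.1fs" % timeout)
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        sock.settimeout(timeout)
        try:
            banner = sock.recv(255)  # an SSH server sends its version string first
        except OSError:  # includes a read timeout
            return ("open-no-banner", "TCP connected, nothing received")
    if banner.startswith(b"SSH-"):
        return ("ssh", banner.split(b"\n")[0].strip().decode("ascii", "replace"))
    return ("open-other", "TCP connected, but not an SSH banner")

def start_fake_sshd(banner=b"SSH-2.0-ConstructedDemo\r\n"):
    """Constructed loopback stand-in for sshd; serves one client, returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

def closed_port():
    """Return a loopback port that nothing is listening on."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    print(probe_ssh_port("127.0.0.1", start_fake_sshd()))
    print(probe_ssh_port("127.0.0.1", closed_port()))
```

Running the same probe from inside the LAN and from outside it, right after a dropped session, shows whether the refusal comes from the server itself or from a device in front of it.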