[lug] strange ssh performance issues

Kevin Kempter kevin at kevinkempterllc.com
Fri Sep 28 10:51:52 MDT 2007


Hi List;

First let me say that (1) I have a fairly unusual (I suspect) ssh setup, and 
(2) I hate the virus known as Windows.


Here's the deal;

The client I'm working for uses a SonicWall firewall to control access to the 
data centers. Unfortunately there are issues with the Linux openVPN clients 
(specifically open swan) where it connects but locks all other connections 
out of the firewall. So, until we figure this out the solution is to use the 
windows version of the SonicWall client.  I've installed vmware and installed 
a copy of VirusXP (AKA Windows XP). I installed cygwin and followed the 
instructions here to install the ssh server: 
( http://pigtail.net/LRP/printsrv/cygwin-sshd.html ) although I did not run 
the mkpasswd and mkgroup commands, they seemed to break the install of ssh 
server.

Anyway, I also set up an ssh key so I could log in to the VM of VirusXP 
without a password.

Next I set up a config file in my Linux $HOME/.ssh dir with many entries like 
this (one for each host in the data centers that I need to connect to):

Host dataCenterHostname
        # data center I.P. (same value for Hostname and HostKeyAlias)
        Hostname 10.1.x.x
        HostKeyAlias 10.1.x.x
        ProxyCommand /usr/local/bin/netcat-proxy-command 172.16.128.128 %h


The 172.16.128.128 I.P. addr is the I.P. of the VirusXP image within vmware 
via nat. (I could not make the ssh connections work via bridged networking).

The /usr/local/bin/netcat-proxy-command script is a netcat (nc) script and 
contains this:

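#!/bin/sh
# $1 = gateway to ssh into, $2 = internal host to reach through it
gateway=$1
internal=$2
# run nc on the gateway to relay stdin/stdout to port 22 of the internal host
ssh "$gateway" nc -w 1 "$internal" 22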

To use this setup I boot up VirusXP, open the SonicWall VPN client and connect 
to one or more of the data centers.  Then in Fedora 7 (the host OS) I open a 
terminal and run this:
ssh dataCenterHostname
 
So, to my issue. Most of the time this setup works fairly well, in that it 
does connect. It usually takes about 30 seconds for me to get a password 
prompt for the target data center host. This is acceptable but I think 
there's something weird going on that delays the connection. I say this 
because I can open a cygwin window in VirusXP and do an ssh <I.P.> and I get a 
password prompt immediately.

The main issue is that several times a day the connections start to take 
several minutes to return the password prompt. I need to restart the cygwin 
service in VirusXP, and sometimes that doesn't help so I reboot the VM 
instance of VirusXP. This is quite frustrating; however, I'm a DBA and have 
limited networking knowledge. Does anyone have any thoughts, suggestions, or 
comments?

Thanks in advance..
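
The wrapper script in the post hands %h to ssh as part of a command line that the gateway's shell then interprets. As an added example (not part of the original post), here is a variant of that wrapper that checks both arguments before use; the function names are hypothetical and the allowed character set is an assumption.

```shell
#!/bin/sh
# Added example: stricter variant of the netcat ProxyCommand wrapper.
# Function names are hypothetical; the character whitelist is an assumption.

# Accept only characters found in hostnames and IPv4/IPv6 literals.
# Refuse empty values and a leading "-" so the value cannot be read as an option.
is_safe_host() {
    case "$1" in
        ''|-*) return 1 ;;
        *[!A-Za-z0-9.:_-]*) return 1 ;;
    esac
    return 0
}

# Print the exact command line the gateway's shell will run.
# Fails (prints nothing) if the internal host name is not acceptable.
build_remote_cmd() {
    is_safe_host "$1" || return 1
    printf 'nc -w 1 %s 22\n' "$1"
}

# Same job as the original script: ssh to the gateway and relay to port 22.
proxy_connect() {
    gateway=$1
    internal=$2
    if ! is_safe_host "$gateway"; then
        echo "refusing gateway name: $gateway" >&2
        return 2
    fi
    if ! remote_cmd=$(build_remote_cmd "$internal"); then
        echo "refusing internal host name: $internal" >&2
        return 2
    fi
    # The remote command is passed as one argument, already checked above.
    ssh "$gateway" "$remote_cmd"
}

# Run only when called the way ProxyCommand calls it: <gateway> <internal>.
if [ "$#" -eq 2 ]; then
    proxy_connect "$1" "$2"
fi
```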



