Home/Support/Support Forum/ssh connection not (usually) happening with X4 cellular
Welcome to Digi Forum, where you can ask questions and receive answers from other members of the community.

ssh connection not (usually) happening with X4 cellular

0 votes
I am unable to consistently establish an ssh connection with a new X4 gateway (X4-HMU-U901-A) via cellular. No problem with ping. No problem with telnet. No problem with other ConnectPort gateways, both 2G and 3G/4G, but they are different models from this one. (10% of the time the ssh session may continue and ask for password to get established, but usually after 40-100 seconds.) No problem with ssh with LAN.

We found that ssh hangs (90% of the time) after some initial back and forth between the server and gateway. If, in parallel a ping is performed while ssh is stuck, the ssh will immediately proceed --- EVERY TIME.

Help appreciated!!

For details, here's the output from each of the concurrent ssh call, ping call and trace call.

ssh
[root@ncs .ssh]# ssh -vvv -2 root@10.27.43.2
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /root/.ssh/config
debug1: Applying options for 10.27.43.2
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.27.43.2 [10.27.43.2] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
## HANGS HERE UNTIL PING ##
debug1: Remote protocol version 2.0, remote software version SSH_2.0
debug1: no match: SSH_2.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 813
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
... snip ...
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1109
debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug3: preferred gssapi-keyex,gssapi-with-mic,keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,gssapi-with-mic,keyboard-interactive,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
root@10.27.43.2's password:


PING
[root@ncs ~]# ping -c 1 10.27.43.2
PING 10.27.43.2 (10.27.43.2) 56(84) bytes of data.
64 bytes from 10.27.43.2: icmp_seq=1 ttl=249 time=3649 ms

--- 10.27.43.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 3649ms
rtt min/avg/max/mdev = 3649.791/3649.791/3649.791/0.000 ms
[root@ncs ~]#


TRACE
[root@ncs init.d]# tshark -i tun1 -l host 10.27.43.2
Running as user "root" and group "root". This could be dangerous.
Capturing on tun1
0.000000 172.16.2.87 -> 10.27.43.2 TCP 43402 > ssh [SYN] Seq=0 Win=5488 Len=0 MSS=1372 TSV=4281489852 TSER=0 WS=6
2.999393 172.16.2.87 -> 10.27.43.2 TCP 43402 > ssh [SYN] Seq=0 Win=5488 Len=0 MSS=1372 TSV=4281492852 TSER=0 WS=6
3.016473 10.27.43.2 -> 172.16.2.87 TCP ssh > 43402 [SYN, ACK] Seq=0 Ack=1 Win=9520 Len=0 MSS=1360
3.016507 172.16.2.87 -> 10.27.43.2 TCP 43402 > ssh [ACK] Seq=1 Ack=1 Win=5488 Len=0
18.643335 172.16.2.87 -> 10.27.43.2 ICMP Echo (ping) request
22.230203 10.27.43.2 -> 172.16.2.87 SSH Server Protocol: SSH-2.0-SSH_2.0
22.230275 172.16.2.87 -> 10.27.43.2 TCP 43402 > ssh [ACK] Seq=1 Ack=17 Win=5488 Len=0
22.230506 172.16.2.87 -> 10.27.43.2 SSH Client Protocol: SSH-2.0-OpenSSH_5.3\r
22.239445 10.27.43.2 -> 172.16.2.87 TCP [TCP Retransmission] [TCP segment of a reassembled PDU]
22.239467 172.16.2.87 -> 10.27.43.2 TCP [TCP Dup ACK 8#1] 43402 > ssh [ACK] Seq=22 Ack=17 Win=5488 Len=0 SLE=1 SRE=17
22.292921 10.27.43.2 -> 172.16.2.87 TCP [TCP Retransmission] [TCP segment of a reassembled PDU]
22.292942 172.16.2.87 -> 10.27.43.2 TCP [TCP Dup ACK 8#2] 43402 > ssh [ACK] Seq=22 Ack=17 Win=5488 Len=0 SLE=1 SRE=17
22.293092 10.27.43.2 -> 172.16.2.87 ICMP Echo (ping) reply
22.689753 10.27.43.2 -> 172.16.2.87 TCP ssh > 43402 [ACK] Seq=17 Ack=22 Win=9499 Len=0
22.689783 172.16.2.87 -> 10.27.43.2 SSHv2 Client: Key Exchange Init
22.920161 10.27.43.2 -> 172.16.2.87 TCP [TCP segment of a reassembled PDU]
22.920195 172.16.2.87 -> 10.27.43.2 TCP 43402 > ssh [ACK] Seq=814 Ack=313 Win=6432 Len=0
22.921346 172.16.2.87 -> 10.27.43.2 SSHv2 Client: Diffie-Hellman GEX Request
23.190010 10.27.43.2 -> 172.16.2.87 TCP [TCP segment of a reassembled PDU]
23.190706 172.16.2.87 -> 10.27.43.2 SSHv2 Client: Diffie-Hellman GEX Init
23.660947 10.27.43.2 -> 172.16.2.87 TCP [TCP segment of a reassembled PDU]
23.662344 172.16.2.87 -> 10.27.43.2 SSHv2 Client: New Keys
24.059290 10.27.43.2 -> 172.16.2.87 TCP ssh > 43402 [ACK] Seq=1121 Ack=998 Win=8523 Len=0
24.059313 172.16.2.87 -> 10.27.43.2 SSHv2 Encrypted request packet len=48
24.279296 10.27.43.2 -> 172.16.2.87 TCP [TCP segment of a reassembled PDU]
24.279483 172.16.2.87 -> 10.27.43.2 SSHv2 Encrypted request packet len=64
24.649949 10.27.43.2 -> 172.16.2.87 TCP [TCP segment of a reassembled PDU]
24.689387 172.16.2.87 -> 10.27.43.2 TCP 43402 > ssh [ACK] Seq=1110 Ack=1217 Win=8528 Len=0

... snip ...
***** tshark terminated ******
asked Mar 31, 2016 in Digi Connect Cellular by pmcdaid New to the Community (3 points)

Please log in or register to answer this question.

2 Answers

0 votes
Have you confirmed the latest firmware has been applied to the gateway?

Are there any clues in the Event Logging on the gateway?
answered Apr 5, 2016 by userid0 Veteran of the Digi Community (2,158 points)
0 votes
Thanks for helping. Correct me if I'm wrong, but I checked and think I have the latest versions:
gateway firmware: 0x8074
Firmware Version: 2.17.3.2 (Version 82001536_N3 02/02/2015)
Boot Version: 1.1.3 (release_82001975_D)
POST Version: 1.1.3 (release_82001753_K)

The support page makes it tough to figure out the latest version numbers -- for boot and POST in particular.

Also, the log is flagging nothing.
answered Apr 5, 2016 by pmcdaid New to the Community (3 points)
...