I am unable to consistently establish an ssh connection with a new X4 gateway (X4-HMU-U901-A) via cellular. No problem with ping. No problem with telnet. No problem with other ConnectPort gateways, both 2G and 3G/4G, but they are different models from this one. (10% of the time the ssh session may continue and ask for password to get established, but usually after 40-100 seconds.) No problem with ssh with LAN.
We found that ssh hangs (90% of the time) after some initial back and forth between the server and gateway. If, in parallel, a ping is performed while ssh is stuck, the ssh will immediately proceed --- EVERY TIME.
Help appreciated!!
For details, here's the output from each of the concurrent ssh, ping and trace calls.
ssh
[root@ncs .ssh]# ssh -vvv -2 root@10.27.43.2
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /root/.ssh/config
debug1: Applying options for 10.27.43.2
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.27.43.2 [10.27.43.2] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
## HANGS HERE UNTIL PING ##
debug1: Remote protocol version 2.0, remote software version SSH_2.0
debug1: no match: SSH_2.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 813
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
... snip ...
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1109
debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug3: preferred gssapi-keyex,gssapi-with-mic,keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,gssapi-with-mic,keyboard-interactive,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
root@10.27.43.2's password:
PING
[root@ncs ~]# ping -c 1 10.27.43.2
PING 10.27.43.2 (10.27.43.2) 56(84) bytes of data.
64 bytes from 10.27.43.2: icmp_seq=1 ttl=249 time=3649 ms
--- 10.27.43.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 3649ms
rtt min/avg/max/mdev = 3649.791/3649.791/3649.791/0.000 ms
[root@ncs ~]#
TRACE
[root@ncs init.d]# tshark -i tun1 -l host 10.27.43.2
Running as user "root" and group "root". This could be dangerous.
Capturing on tun1
0.000000 172.16.2.87 -> 10.27.43.2 TCP 43402 > ssh [SYN] Seq=0 Win=5488 Len=0 MSS=1372 TSV=4281489852 TSER=0 WS=6
2.999393 172.16.2.87 -> 10.27.43.2 TCP 43402 > ssh [SYN] Seq=0 Win=5488 Len=0 MSS=1372 TSV=4281492852 TSER=0 WS=6
3.016473 10.27.43.2 -> 172.16.2.87 TCP ssh > 43402 [SYN, ACK] Seq=0 Ack=1 Win=9520 Len=0 MSS=1360
3.016507 172.16.2.87 -> 10.27.43.2 TCP 43402 > ssh [ACK] Seq=1 Ack=1 Win=5488 Len=0
18.643335 172.16.2.87 -> 10.27.43.2 ICMP Echo (ping) request
22.230203 10.27.43.2 -> 172.16.2.87 SSH Server Protocol: SSH-2.0-SSH_2.0
22.230275 172.16.2.87 -> 10.27.43.2 TCP 43402 > ssh [ACK] Seq=1 Ack=17 Win=5488 Len=0
22.230506 172.16.2.87 -> 10.27.43.2 SSH Client Protocol: SSH-2.0-OpenSSH_5.3\r
22.239445 10.27.43.2 -> 172.16.2.87 TCP [TCP Retransmission] [TCP segment of a reassembled PDU]
22.239467 172.16.2.87 -> 10.27.43.2 TCP [TCP Dup ACK 8#1] 43402 > ssh [ACK] Seq=22 Ack=17 Win=5488 Len=0 SLE=1 SRE=17
22.292921 10.27.43.2 -> 172.16.2.87 TCP [TCP Retransmission] [TCP segment of a reassembled PDU]
22.292942 172.16.2.87 -> 10.27.43.2 TCP [TCP Dup ACK 8#2] 43402 > ssh [ACK] Seq=22 Ack=17 Win=5488 Len=0 SLE=1 SRE=17
22.293092 10.27.43.2 -> 172.16.2.87 ICMP Echo (ping) reply
22.689753 10.27.43.2 -> 172.16.2.87 TCP ssh > 43402 [ACK] Seq=17 Ack=22 Win=9499 Len=0
22.689783 172.16.2.87 -> 10.27.43.2 SSHv2 Client: Key Exchange Init
22.920161 10.27.43.2 -> 172.16.2.87 TCP [TCP segment of a reassembled PDU]
22.920195 172.16.2.87 -> 10.27.43.2 TCP 43402 > ssh [ACK] Seq=814 Ack=313 Win=6432 Len=0
22.921346 172.16.2.87 -> 10.27.43.2 SSHv2 Client: Diffie-Hellman GEX Request
23.190010 10.27.43.2 -> 172.16.2.87 TCP [TCP segment of a reassembled PDU]
23.190706 172.16.2.87 -> 10.27.43.2 SSHv2 Client: Diffie-Hellman GEX Init
23.660947 10.27.43.2 -> 172.16.2.87 TCP [TCP segment of a reassembled PDU]
23.662344 172.16.2.87 -> 10.27.43.2 SSHv2 Client: New Keys
24.059290 10.27.43.2 -> 172.16.2.87 TCP ssh > 43402 [ACK] Seq=1121 Ack=998 Win=8523 Len=0
24.059313 172.16.2.87 -> 10.27.43.2 SSHv2 Encrypted request packet len=48
24.279296 10.27.43.2 -> 172.16.2.87 TCP [TCP segment of a reassembled PDU]
24.279483 172.16.2.87 -> 10.27.43.2 SSHv2 Encrypted request packet len=64
24.649949 10.27.43.2 -> 172.16.2.87 TCP [TCP segment of a reassembled PDU]
24.689387 172.16.2.87 -> 10.27.43.2 TCP 43402 > ssh [ACK] Seq=1110 Ack=1217 Win=8528 Len=0
... snip ...
***** tshark terminated ******
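Added example, not part of the original post: a Python parser for the tshark summary lines above. It measures how long the client waited between the gateway's SYN, ACK and its SSH identification string, and how long after the ping request the banner arrived. The function names and the choice of the SYN, ACK as the starting point are assumptions of this example; the trace lines are copied from the capture in the post.

```python
import re

# Summary lines copied from the tshark capture in the post (not constructed).
TRACE = """\
0.000000 172.16.2.87 -> 10.27.43.2 TCP 43402 > ssh [SYN] Seq=0 Win=5488 Len=0 MSS=1372 TSV=4281489852 TSER=0 WS=6
2.999393 172.16.2.87 -> 10.27.43.2 TCP 43402 > ssh [SYN] Seq=0 Win=5488 Len=0 MSS=1372 TSV=4281492852 TSER=0 WS=6
3.016473 10.27.43.2 -> 172.16.2.87 TCP ssh > 43402 [SYN, ACK] Seq=0 Ack=1 Win=9520 Len=0 MSS=1360
3.016507 172.16.2.87 -> 10.27.43.2 TCP 43402 > ssh [ACK] Seq=1 Ack=1 Win=5488 Len=0
18.643335 172.16.2.87 -> 10.27.43.2 ICMP Echo (ping) request
22.230203 10.27.43.2 -> 172.16.2.87 SSH Server Protocol: SSH-2.0-SSH_2.0
22.293092 10.27.43.2 -> 172.16.2.87 ICMP Echo (ping) reply
"""

# Fields: relative time, source, destination, protocol, info text.
LINE = re.compile(r"^\s*(\d+\.\d+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+(.*)$")

def parse(trace):
    """Yield (time, src, dst, proto, info) for each tshark summary line."""
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if m:
            t, src, dst, proto, info = m.groups()
            yield float(t), src, dst, proto, info

def banner_stall(trace, server):
    """Return the handshake-to-banner wait and the ping-to-banner delay."""
    syn_ack = banner = None
    pings = []
    for t, src, dst, proto, info in parse(trace):
        if src == server and proto == "TCP" and "[SYN, ACK]" in info and syn_ack is None:
            syn_ack = t                      # server answered the handshake
        elif src == server and proto == "SSH" and "Server Protocol" in info and banner is None:
            banner = t                       # server identification string
        elif dst == server and proto == "ICMP" and "request" in info:
            pings.append(t)                  # echo requests sent to the gateway
    if syn_ack is None or banner is None:
        return None                          # capture ended before the banner
    # Only echo requests sent while the client was waiting for the banner count.
    in_stall = [p for p in pings if syn_ack < p < banner]
    return {"stall_s": round(banner - syn_ack, 3),
            "ping_to_banner_s": round(banner - in_stall[0], 3) if in_stall else None}

if __name__ == "__main__":
    print(banner_stall(TRACE, "10.27.43.2"))
```

Running it over several captures, with and without the concurrent ping, gives comparable numbers for each attempt instead of reading timestamps by eye.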