ssh access

allanayr
Offline
Ayr, United Kingdom
Joined: 25 Sep 2011

A minor irritation rather than anything greater, but recently when ssh-ing into one of my boxes, there is a delay of about a minute before the login is possible. It's not a major problem but my iPhone webssh app times out before I get to log in, though I can log in from a laptop or desktop on the network.

My other box works fine. I don't know what I've done to make this happen but any suggestions would be welcome.

mark_baldwin
Offline
Blackburn, United Kingdom
Joined: 19 May 2012
which box?

Is it the Livebox or the Pi?

allanayr
Offline
Ayr, United Kingdom
Joined: 25 Sep 2011
It's the livebox. 

mark_baldwin
Offline
Blackburn, United Kingdom
Joined: 19 May 2012
do you have the same issue using telnet?

allanayr
Offline
Ayr, United Kingdom
Joined: 25 Sep 2011
No. Just tried it and telnet seems to go in straight away, though normally I don't have telnet enabled.

mark_baldwin
Offline
Blackburn, United Kingdom
Joined: 19 May 2012
What do the loads look like on your livebox webpage?

Do you have the livebox exposed to the DMZ of your router? I'm only asking as I have had a flurry of remote accesses attempted from random IP addresses (usually they 'appear' to be from Israel for some reason).

allanayr
Offline
Ayr, United Kingdom
Joined: 25 Sep 2011
Build: 314/3.4
Thu May 29 22:34:39 BST 2014
up 6:45, load average: 0.17, 0.20, 0.16

I probably have some exposure because I have port forwarding set up so that I can access the boxes using a vpn server running on the Raspi. I've been away for a few weeks and doing all the access via vpn over the internet. The ssh was working fine when I left but a couple of weeks ago I started to get this long delay before I could log in.

Just had a look in the router log and got this:

 

Thu, 2014-05-29 19:37:23 - TCP Packet - Source:192.168.0.7,53955 Destination:54.224.151.253,8080 - [HAH Web Serv rule match]
Thu, 2014-05-29 20:40:38 - TCP Packet - Source:192.168.0.9,55123 Destination:23.23.55.233,8080 - [HAH Web Serv rule match]
Thu, 2014-05-29 20:40:50 - UDP Packet - Source:17.173.254.223,16387 Destination:84.92.41.186,56154 - [DOS]
Thu, 2014-05-29 20:40:50 - UDP Packet - Source:17.173.254.223,16387 Destination:84.92.41.186,61997 - [DOS]
Thu, 2014-05-29 20:40:52 - UDP Packet - Source:17.173.254.223,16387 Destination:84.92.41.186,16403 - [DOS]
Thu, 2014-05-29 20:40:52 - UDP Packet - Source:17.173.254.223,16387 Destination:84.92.41.186,61997 - [DOS]
Thu, 2014-05-29 20:41:08 - TCP Packet - Source:192.168.0.9,55123 Destination:23.23.55.233,8080 - [HAH Web Serv rule match]
Thu, 2014-05-29 21:08:47 - TCP Packet - Source:192.168.0.9,55217 Destination:107.22.128.246,8080 - [HAH Web Serv rule match]
Thu, 2014-05-29 21:09:17 - TCP Packet - Source:192.168.0.9,55217 Destination:107.22.128.246,8080 - [HAH Web Serv rule match]
Thu, 2014-05-29 21:15:59 - TCP Packet - Source:192.168.0.9,55317 Destination:67.202.28.124,8080 - [HAH Web Serv rule match]
Thu, 2014-05-29 21:17:57 - TCP Packet - Source:192.168.0.7,54223 Destination:54.211.239.188,8080 - [HAH Web Serv rule match]
Thu, 2014-05-29 21:38:11 - Administrator login successful - IP:192.168.0.4

Though not entirely sure what it means.

mark_baldwin
Offline
Blackburn, United Kingdom
Joined: 19 May 2012
I take it your HAHs are on 192.xxx.xxx.7 and 9

The ones labelled [DOS] are a little alarming. I would be checking out those ip addresses. Maybe there is a lot of traffic that the router is checking but doesn't look like it is constant.

allanayr
Offline
Ayr, United Kingdom
Joined: 25 Sep 2011
Mmmm. No, the liveboxes are on 192.xxx.xxx.2 and 192.xxx.xxx.3 (and one normally on .253 but currently disconnected)

mark_baldwin
Offline
Blackburn, United Kingdom
Joined: 19 May 2012
confused now

So why do the ones on 7 & 9 send packets that have [HAH Web Serv rule match]?


allanayr
Offline
Ayr, United Kingdom
Joined: 25 Sep 2011
Mmmm such hard questions! I think that they are iDevices querying the HAH webserver to find status of HAH rf devices etc. I run mote on iDevices to control heating, lights etc. The states of these are updated by pulling the data from the HAH web server. The webserverApplet runs on the HAH to keep these states up to date.

 

Though given that the destination IPs seem to be Apple or Amazon in the US I'm not actually sure that's what's happening. Looks like SWMBO was probably shopping!

brett
Offline
Providence, United States
Joined: 9 Jan 2010
SSH and Telnet will both exhibit delays if you have not set up /etc/resolv.conf correctly. Both try to reverse lookup the source IP of the connection. If it can't do this you get a pause.

# cat /etc/resolv.conf
search local
nameserver 192.168.1.20

Mine looks like this. local is the domain name for my "local" network and I run a personal DNS; you may want to omit that and just point it at your router, which is what most folk do.

Brett

allanayr
Offline
Ayr, United Kingdom
Joined: 25 Sep 2011
Thanks Brett,

This is what mine contains:

nameserver 158.43.240.4
nameserver 154.32.109.18

Now changed to point at my router. Looks like that's solved the problem.

You are the font of all knowledge!

 

Edit

Just as a matter of interest the nameservers listed above are those of my ISP. The system seems to change the resolv.conf file when an IP is allocated by DHCP and also in some other (unknown to me) circumstances. I have now changed the box to a static IP address on my network and this has stopped the resolv.conf file from being altered.
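
A check for the resolver setup discussed in the last three posts, added here as an example and not part of the original thread: it lists the nameservers in a resolv.conf file, marks each as on the LAN or external (as the ISP ones were), and times the reverse lookup of a client address. The function names are hypothetical, and it assumes `nslookup` is installed on the box.

```shell
#!/bin/sh
# Added example (not from the thread): audit the resolvers a box will use for
# the reverse lookup that happens when an ssh or telnet connection arrives.

# Print the nameserver addresses from a resolv.conf-style file, in order.
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Succeed if the IPv4 address is in an RFC 1918 private range.
is_private_v4() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "<address> lan" for a router or personal DNS on the local network,
# "<address> external" for anything else (for example an ISP resolver).
classify_nameservers() {
    list_nameservers "$1" | while read -r ns; do
        if is_private_v4 "$ns"; then
            echo "$ns lan"
        else
            echo "$ns external"
        fi
    done
}

# Print how many whole seconds a reverse lookup of the given client address
# takes with the system resolver. Assumes nslookup is available.
time_reverse_lookup() {
    start=$(date +%s)
    nslookup "$1" >/dev/null 2>&1 || true
    end=$(date +%s)
    echo $((end - start))
}

# Usage on the box: sh check_resolv.sh --check <client-ip>
# (check_resolv.sh is a hypothetical file name for this script)
if [ "${1:-}" = "--check" ]; then
    classify_nameservers /etc/resolv.conf
    echo "reverse lookup of ${2:?client ip required} took $(time_reverse_lookup "$2")s"
fi
```

Running it again after a DHCP lease renewal shows whether resolv.conf has been rewritten back to external nameservers.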

 

 
