For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

felix001_29321's avatar
felix001_29321
Icon for Nimbostratus rankNimbostratus
Mar 29, 2012

SSH Timeouts

I just setup the F5 VE trail. But when i connect via SSH it keeps disconnecting at random times. This can be 1-2 secs or a few minutes.

 

 

Can anyone help ?

 

management
monitoring

8 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Mar 29, 2012
    Hi Felix,

     

     

    This sounds like an issue with ARP rather than SSH. Do you see any IP conflicts in /var/log/ltm when this occurs? You can try to connect via the VE console to avoid the disconnections.

     

     

    Also, I suggest contacting your F5 or partner SE to request a BIG-IP VE lab edition evaluation key. The lab edition eval key will work for all current VE versions and not be subject to the limitations that the trial edition has.

     

     

    Aaron
  • felix001_29321's avatar
    felix001_29321
    Icon for Nimbostratus rankNimbostratus
    Mar 29, 2012
    I double checked the ARPs and everything appears fine, ie no different ARPs being seen at any point and when I power off the VM i dont get another ARP for the IP.

     

    The logs show no issues (??), and the device is licensed with a trail licensed.

     

     

    Any other ideas ??

     

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Mar 29, 2012
    You could run tcpdump on LTM VE and see if the resets are coming from LTM:

     

     

    Capture on TMM switch ports

     

    tcpdump -nni 0.0 host CLIENT_IP

     

     

    Capture on maagement port

     

    tcpdump -nni eth0 host CLIENT_IP

     

     

     

    You could also temporarily enable debug on sshd using 'b sshd loglevel DEBUG'.

     

     

    Aaron
  • felix001_29321's avatar
    felix001_29321
    Icon for Nimbostratus rankNimbostratus
    Mar 29, 2012
    The tcpdumps show a RST coming from the F5. I enabled the debug. Do you know where abouts the output for that is wrtten to ?
  • felix001_29321's avatar
    felix001_29321
    Icon for Nimbostratus rankNimbostratus
    Apr 03, 2012
    Has anyone got any other ideas on this. Ive run a debug (on the client) and all I can see is :

     

    ssh 'connection reset by peer'. For what ever reason the F5 keeps sending a Reset......??

     

     

     

  • felix001_29321's avatar
    felix001_29321
    Icon for Nimbostratus rankNimbostratus
    Apr 04, 2012
    Further update this seems to only occur then you are connect to one of the self IPs as management rather then the management interface. And this only occurs on the LTM VE trail (???)
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 05, 2012
    Further update this seems to only occur then you are connect to one of the self IPs as management rather then the management interface.have you checked /var/log/ltm? is there any suspicious message there?

     

     

    do you have any virtual server listening on that selfip?

     

     

    sol9812: Overview of BIG-IP TCP RST behavior

     

    http://support.f5.com/kb/en-us/solutions/public/9000/800/sol9812.html
  • felix001_29321's avatar
    felix001_29321
    Icon for Nimbostratus rankNimbostratus
    Jun 29, 2012
    In the end I found that this was only an issue/bug when connecting to a non management interface for management traffic traffic (SSH) within the LTM VE 10.1.

     

     

    Thanks,