4 Replies Latest reply on Nov 27, 2018 5:45 PM by OuyangLane

    SSH connections dropped due to QoS flags

    quinn_jones Lurker

      I've started running into a problem with outbound SSH connections from a linux guest being dropped as soon as connection is established.  The issue is repeatable and fixable with a kludge that modifies QoS.

       

      The issue manifests itself by dropping the connection immediately after establishing it:

      $ ssh $host

      packet_write_wait: Connection to $host port 22: Broken pipe

       

      Enabling verbose flags (-v or -vvv) doesn't show anything remarkable.

       

      I've been in contact with my linux distribution's maintainers[1] and they have helped narrow the problem down to an issue with vmnat misbehaving.

      Because vmnat do not recognise AF21/CS1 DSCP flags, it'll send back a RST packet (don't know why) immediately upon received any packet having either flags, and finally break all ssh connection. (This happens soon after authentication since IPQoS applies during channel establish) [2]

      This is on VMWare Workstation 12 Player, version 12.5.9 build-7535481, running on Win 7 Enterprise.  My guest is running a current Linux kernel (4.9.95) and openssh 7.7_p1-r4 (though it seems like any software that uses QoS will have this problem.)

       

      Setting alternate QoS flags seems to work around the issue, e.g. ssh -o IPQoS=throughput ...

       

      References:

      [1] https://forums.gentoo.org/viewtopic-t-1082598.html

      [2] https://bugs.gentoo.org/658488#c3