Outbound ssh/sftp connections timing out

daaaveybaby
Contributor II

I'm having problems with outgoing secure connections (ssh, sftp, etc.). The connections regularly time out. If I keep trying I will eventually make a connection to the remote server. This only occurs when my computer is attached to my home Bell Fibe network (either wireless or wired). I've used my notebook at different physical sites with no issues.

Any help or hint would be appreciated.

Thanks.



11 REPLIES 11

ZaneP
Community All-Star

So you're not having any problems when outside the Bell domain?

Have you done a traceroute to the remote server when you're at home on your LAN? It will show the routing and may reveal some issues when your ssh client is making the connection request.

Cheers,

ZaneP

I don't work for Bell, just a customer

I am a Community All-Star and customer. I'm here to help by sharing my knowledge and experience. My views on Bell and the Community Forum are my own and not the views of Bell or any of its affiliates.

I tried all connectivity tests (ping, traceroute, etc.) before anything else.

I have found the cause of my problem. SSH is performing DNS checks on the incoming connections. There seems to be something with the Bell DNS servers that is causing a timeout with this authentication and verification cycle. Disabling the DNS validation portion of ssh authentication resolves the issue. Now everything is quite snappy.


Nono31
Contributor II

I have the exact same problem with SSH... only happens on Bell Wifi at home (tried at 2 homes with BELL). Using hotspot (fizz, bell) or wifi on other ISP, I have no problem.

How did you disable the DNS check?

On my Linux machine, I edited /etc/ssh/sshd_config and set the following:

UseDNS no

Then restarted sshd, e.g. "systemctl restart sshd"


Then that's on the server level... which I can't change... 😞

thanks!

Vanadiel
Community All-Star

It's normal behavior because it's doing a forward and reverse DNS check on your IP. It will fail because the DNS server used has no record for your domain and that IP for a reverse lookup. You only have that record locally for a forward lookup. You would need to have access to the authoritative server for that zone in order to map the hostname to that IP. It's a safety feature as that is another thing a potential hacker would need to be able to access and modify in order for reverse lookup and forward lookup to your local domain to work.



Nono31
Contributor II

@Vanadiel you are saying that we should keep `UseDNS on`? If so, Bell needs to fix their side. I am connecting to the ssh a lot per day, losing a lot of time because of this issue... 😞

Vanadiel
Community All-Star

No, I am not saying that. What I am saying is that part of the protocol is to perform a forward and reverse DNS check. It's not an issue with Bell and not something they need to fix.

If you are performing SSHD from an IP that has a proper domain associated with it, it will not fail.

But it will fail if you perform it from a LAN in the range of 192.168.x.x. A possible solution would be to use DMZ and get an external IP address. This way the DNS server will have a proper DNS record for both forward and reverse lookup.


daaaveybaby
Contributor II

If it's giving you problems, then definitely disable UseDNS. From what I can see it's only used for host-based authentication, which can be important if you are making use of keys + hostnames for your authentication; but if you're not using that then there's no problem.

Regarding DNS resolution. I've tested frontways and backways from my IPs without issue. Everything resolves properly. (i.e. PTR and A records exist and match.) There's something about the Bell network that gives me trouble. If I try my connections from other networks I have no issues. (I roam a lot.) However, whatever the issue is, it is not significant enough to warrant a great deal of my time. Kudos to anyone who has the time and inclination to figure this out.

The only downside to disabling UseDNS is that the log file will only show IPs, not resolved host names. That might make it a bit harder to read should you need to read it.

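The forward-and-reverse check Vanadiel describes, and the PTR/A matching daaaveybaby tested, as an added example that is not from this thread: a small Python model of what sshd does for a client address when UseDNS is enabled, with an injectable resolver so it runs offline on constructed records (the 203.0.113.x addresses and example.net names are made up) and a deadline that turns a stalled resolver into the hang the thread is about.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout


def system_ptr(ip):
    """Reverse (PTR) lookup via the OS resolver; None if there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_fwd(name):
    """Forward (A/AAAA) lookup via the OS resolver; [] if it fails."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def usedns_check(ip, ptr_lookup=system_ptr, fwd_lookup=system_fwd, deadline=5.0):
    """Mimic sshd's UseDNS handling for one client IP. Returns (status, hostname):
    'match'    PTR found and the forward lookup of that name contains ip
    'no_ptr'   no PTR record; sshd falls back to the bare IP in its logs
    'mismatch' PTR found but the forward lookup does not return ip
    'timeout'  resolver gave no answer within deadline seconds; sshd waits on
               these lookups before continuing, so this is what the client
               experiences as a hung or timed-out connection."""
    def lookups():
        name = ptr_lookup(ip)
        if name is None:
            return "no_ptr", None
        return ("match" if ip in fwd_lookup(name) else "mismatch"), name

    pool = ThreadPoolExecutor(max_workers=1)
    try:
        return pool.submit(lookups).result(timeout=deadline)
    except FutureTimeout:
        return "timeout", None
    finally:
        pool.shutdown(wait=False)  # do not block on the stalled lookup


# Constructed records standing in for a resolver (not real hosts or addresses).
CONSTRUCTED_PTR = {"203.0.113.10": "laptop.example.net", "203.0.113.20": "stale.example.net"}
CONSTRUCTED_A = {"laptop.example.net": ["203.0.113.10"], "stale.example.net": ["203.0.113.99"]}
fake_ptr = CONSTRUCTED_PTR.get                      # RFC 1918 addresses have no PTR here
def fake_fwd(name): return CONSTRUCTED_A.get(name, [])
def slow_ptr(ip): time.sleep(0.5); return fake_ptr(ip)  # resolver that stalls
```

Run `usedns_check("203.0.113.10")` with the defaults to exercise the real OS resolver; with `slow_ptr` and a short `deadline` the call returns `("timeout", None)` instead of waiting for the lookup.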

Nono31
Contributor II

I just disabled it on the server... which solved my issue...

I still wonder why this is only an issue on BELL fibe and not other ISP... 🤔