SSH session hangs after user enters credentials

book

Article ID: CTX277639

calendar_today

Updated On:

Description

User is unable to ssh to a VPX from a device outside of the network where the netscaler resides. After authentication the putty session hangs with a blank screen. The ns.log shows a successful authentication event.

Resolution

To Fix this issue:

1. copy the sshd config file from etc "cp /etc/sshd_config /nsconfig/"
2. modify sshd_config file located in the nsconfig directory with the following: IPQoS=throughput (if throughput doesnt resolve your issue try IPQoS=reliability)
3. restart sshd or, reboot the netscaler.

Problem Cause

In OpenSSH version 8.1+ a DSCP value of AF21 is appended by default. This seems to break communication in some environments.

From OpenSSH manual:

* ssh(1)/sshd(8): the default IPQoS used by ssh/sshd has changed.

They will now use DSCP AF21 for interactive traffic and CS1 for

bulk. For a detailed rationale, please see the commit message:

https://cvsweb.openbsd.org/src/usr.bin/ssh/readconf.c#rev1.284

AF21 was selected as this is the highest priority within the low-latency

service class (and it is higher than what we have today). SSH is elastic

and time-sensitive data, where a user is waiting for a response via the

network in order to continue with a task at hand. As such, these flows

should be considered foreground traffic, with delays or drops to such

traffic directly impacting user-productivity.

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"