Problem Summary:
After upgrading our forward proxy VM from Ubuntu 18.04 to 22.04 (Squid 3.5 → 5.9), all parallel SSH attempts via Ansible (more than 5 forks) are now failing intermittently with this error:
msg: |
Failed to connect to the host via ssh: Connection timed out during banner exchange
Connection to UNKNOWN port 65535 timed out```
However, serial SSH or Ansible with -f 5 works fine.
This issue did not occur on the previous Ubuntu 18.04 setup.
What Was Changed (Upgrade Comparison):
| Component | Old VM ( Working) |
New VM ( Failing in parallel) |
|---|---|---|
| OS | Ubuntu 18.04.5 LTS (bionic) | Ubuntu 22.04.5 LTS (jammy) |
| Kernel | 5.4.0-1109-azure | 6.8.0-1029-azure |
| Squid Version | 3.5.27 | 5.9 |
| OpenSSH (Client/Srv) | 7.6p1 | 8.9p1 |
| OpenSSL | 1.1.1 | 3.0.2 |
| MaxSessions in sshd | 100 | 300 (configured) |
No changes were made in sshd_config, firewall, or Ansible controller side — only the forward proxy VM was upgraded.
What I Validated:
Manual parallel SSH test from forward proxy vm using the same inventory:
for i in {302..322}; do
ssh -i ansible ansible@host$i "hostname && sleep 60" &
done
Edited → Now i tested in ubuntu 20 its working fine but not in 22
All SSH connections succeed, hostnames print, and sleep runs — no drop.
Key Questions:
- Why is only Ansible pipeline failing? Manual SSH from same proxy works in parallel with full concurrency.
- Could there be Squid 5.9 or OpenSSH 8.9 change affecting handshake timing or concurrency?
- Why does SSH show failure on
port 65535? Is this a symptom of connection exhaustion or proxy tunneling failure? - Any sysctl or Squid tuning needed for large concurrent TCP tunnels in newer Ubuntu 22.04?
- Could OpenSSL 3.0.2 or kernel 6.8.0 be affecting ephemeral port reuse or TCP behavior?