frequent ssh drops due to "Connection timed out during banner exchange"

Archives Ansible Project
1

Hi,

For some reason if I’m connecting to the host using ansible connection is been dropped frequently with “Connection timed out during banner exchange” message…

Any hints? pls check output below… again if I just ‘ssh lb0014’ everything is fine

2

Anything particularly interesting about the setup, OSes involved (managed or managing), or network?

3

Hi,

it’s a LAN with some VLANs configured (out of my control so hardly can tell more). As I don’t see any problem with ssh, I guess it could be ssh library ansible is using… (needs to be tuned or may be changed?)

ansible version is 1.6.2

controller (ansible) host is osx:

Darwin hostname 13.1.0 Darwin Kernel Version 13.1.0: Thu Jan 16 19:40:37 PST 2014; root:xnu-2422.90.20~2/RELEASE_X86_64 x86_64

target host is redhat linux:

Linux lb0079 2.6.32-358.14.1.el6.x86_64 #1 SMP Mon Jun 17 15:54:20 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux

ssh connection is being proxied by:

host lb0*
user some_user

ProxyCommand ssh proxyhost /usr/bin/nc %h %p 2> /dev/null
identityfile /Users/e21170/.ssh/id_dsa

#Host lb0*

ControlPath ~/.ssh/%h.%p.%r

ControlMaster auto

4

How many parallel connections are you proxying through “proxyhost”? My team encounter a similar situation where the “ssh_config” directive “MaxStartups” was too low, and the ssh connection timeout value was being exceeded connecting to the proxy server.

At any rate, check your proxy’s MaxStartups, and adjust accordingly. You can test if this is an issue by setting a fork limit to 1 – one connection (as opposed to potentially many parallel connections) should be rather quick.

Additionally, I’d look into that proxy command. Is there any reason why you cannot proxy using the -W argument for proxying? I’m curious if the proxy command is wonky and causes some sort of connection problem with ansible’s default SSH configuration settings.

5

Hi,

MaxStartups is a great idea, thanks! will ask sysadmins to adjust that setting. also no reason not to use -W other than ‘old school’ pattern. switched to it (though i doubt it’s an issue)

6

it looks like adjusting MaxStartups doesn’t help in my case… also netstat on a proxy machine doesn’t show lots of connections to 22 port… so just wondering what could it be…

just to recap ssh to target host connects quickly all the time. ansible sometimes repeatedly fails… after waiting for approx 1 sec.

7

Have you tried increasing ConnectionTimeout to something higher than 10 seconds?