Problems with ssh connections to hosts behind jumphost

Johannes_Kastl · June 18, 2016, 3:11pm

Dear all,

I have some hosts that I can only reach via a jumphost. So, my
.ssh/config contains:

Host foobar
  ...
  ProxyCommand ssh -W %h:%p whatever
  ...

I have a strange, intermittent issue, that I can connect to one of
these hosts via ansible and run a playbook. Running it on more than
one host fails out, sometimes "unreachable", sometimes module errors.
Re-running the playbook on the failing host only works.

Any hints, how to solve this? Or how to look for the error? I thought
about checking ssh multiplexing, pipelining and similiar stuff, but
without an idea where to look I'm kind of in the dark here...

Any help would be highly appreciated!

Johannes

sivel · June 18, 2016, 3:18pm

You may want to look into raising the MaxStartups sshd config on the bastion.

Maybe also look into increasing timeout in Ansible.cfg

Johannes_Kastl · June 18, 2016, 3:28pm

Thanks Matt,

that was quick!

You may want to look into raising the MaxStartups sshd config on the
bastion.

I'll try 100:30:300 and see, thanks for the suggestion.

Maybe also look into increasing `timeout` in Ansible.cfg

I already did that, but to no avail...

Johannes

Johannes_Kastl · June 19, 2016, 1:35pm

Although timeout is set to 30s and MaxStartups is set to 100:30:300, I
still have intermittent failures.

I tried to set 'serial: 2' in the group_vars, but I am not sure if
this has to be set on play level. Off to read the docs..

Johannes

Mirko_Friedenhagen · June 19, 2016, 6:37pm

One thing which once hit me: on MacOSX the file ulimit was only 256. I have about 140 hosts and when our company decided to use a jump host I suddenly ran into problems because the pipelined connections now hit this limit.

Regards
Mirko

Johannes_Kastl · June 19, 2016, 7:06pm

Hi Mirko,

Bogdan_Mihaescu · June 23, 2016, 9:57am

Hello,

I have the same problem. Did you find any solution for this ?

Thanks

Johannes_Kastl · June 23, 2016, 6:56pm

As the hosts are lxc containers running on the jump host (and only
being available via the jump host), I guess it might be due to memory
usage when the commands are being run on all hosts simultaneously.

I'm in the middle of trying out some things, but no, a real solution
did not present itself.

Try (and maybe disable) ssh multiplexing, pipelining and starting the
playbooks with forks and/or serial...

Johannes

Topic		Replies	Views
ANSIBLE randomly fails to connect to hosts behind bastion Ansible Project	1	0	August 28, 2019
frequent ssh drops due to "Connection timed out during banner exchange" Ansible Project	6	2	July 1, 2014
Jumphost + Ansible Ansible Project	0	0	March 20, 2018
Problem connecting to host behind jump server when host set dynamically Ansible Project ubuntu	4	1	February 7, 2017
bastion host type connection to ansible Ansible Project	1	0	December 21, 2016

Problems with ssh connections to hosts behind jumphost

Related topics