"Remote scp sent illegal error code" and slow SSH connection

Brook

Well-Known Member
Apr 22, 2005
99
0
156
Not sure why but today I've started to get this error message when trying to scp files over to the server.

Also, I've noticed that logging in to SSH is now taking ages.

It was working fine yesterday. Could a whm/cpanel update be responsible? Should I turn the automatic updates off?

Could it be datacentre related?

Could CSF be responsible? (I've switched the firewall and lfd off - but still the same).

It was working fine until just recently. Any ideas what could be going on?
 

serversignature

Well-Known Member
Nov 26, 2007
107
0
66
Bangalore
Use the following .. to debug.

ssh -v [email protected]

-v ---> Verbose mode. Causes ssh to print debugging messages about its progress. This is helpful in debugging connection, authentica‐tion, and configuration problems. Multiple -v options increase the verbosity. The maximum is 3.
 

Brook

Well-Known Member
Apr 22, 2005
99
0
156
Thanks Kiran, the delay (19 seconds!) is occurring between these two lines:

debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 433

I've tried connecting with the same ssh client to my other server, and there is almost zero delay between those two lines (infact the whole login is almost instant on that server).

This has only just started to happen - it was fine before :confused:

Wonder what's going on?
 

Brook

Well-Known Member
Apr 22, 2005
99
0
156
Just fixed the delay by using this in sshd_config:

UseDNS no

but is it safe?

Edit:Here's some info from openssh.com:

3.3 - ssh(1) takes a long time to connect or log in

Large delays (more that 10 seconds) are typically caused a problem with name resolution:
  • Some versions of glibc (notably glibc 2.1 shipped with Red Hat 6.1) can take a long time to resolve "IPv6 or IPv4" addresses from domain names. This can be worked around with by specifying AddressFamily inet option in ssh_config.
  • There may be a DNS lookup problem, either at the client or server. You can use the nslookup command to check this on both client and server by looking up the other end's name and IP address. In addition, on the server look up the name returned by the client's IP-name lookup. You can disable most of the server-side lookups by setting UseDNS no in sshd_config.

Delays less than 10 seconds can have other causes.
  • OpenSSH releases prior to 3.8 had an moduli file with moduli that were just smaller than what sshd would look for, and as a result, sshd would end up using moduli significantly larger than requested, which resulted in a speed penalty. Replacing the moduli file will resolve this (note that in most cases this file will not be replaced during an upgrade and must be replaced manually).
  • OpenSSH releases prior to 3.8 had a flaw in ssh that would cause it to request moduli larger than intended (which when combined with the above resulted in significant slowdowns). Upgrading the client to 3.8 or higher will resolve this issue.
  • If either the client or server lack a kernel-based random number device (eg Solaris < 9, AIX < 5.2, HP-UX < 11.11) and no substitute is available (eg prngd) it's possible that one of the programs called by ssh-rand-helper to generate entropy is hanging. This can be investigated by running it in debug mode: /usr/local/libexec/ssh-rand-helper -vvv

Any significant delays should be investigated and rectified, or the corresponding commands should be removed from ssh_prng_cmds.
That hasn't hpwever fixed the SCP issue, which is still giving me the error: Remote scp sent illegal error code
 
Last edited: