[grsec] grsec hanging ssh ?

Auke Kok sofar at lunar-linux.org
Tue Feb 1 03:30:50 EST 2005


jnf wrote:

>Hi.
>
>Okay, I've spent a little over a week troubleshooting this and finally I
>have reached the conclusion that it is in fact related to grsec.
>
>The situation is that I have a series of bastion hosts, one in the dmz one
>'on the other side', dmz is implemented via a pix. When I go through the
>dmz host (any host in here will do the same) through the nat translation
>into the other host (grsec 2.1.1 / 2.6.10 + sec fixes ) after about five
>minutes of being idle the connection locks up - it does basically a half
>close although at a network level it does not do a half close. I cannot
>send data, however I can receive data (i.e. I cannot type, however if
>someone does a wall I can receive it). From a network perspective both
>ends of the connection appear to think the connection is still open, (no
>half closes or similar occur, they simply 'stop talking' to each other),
>I've attached a debugger to both the client end and server end and have
>not found anything I would call overly strange.
>
>If I directly connect to either of the boxes or put one of them in the dmz
>itself, it works fine - which initially led me to believe it was a nat
>translation timeout or similar in the pix, however after rebooting into a
>stock kernel image w/ no grsec/rbac, the connection never locks up.
>
>In sshd keep alive is turned on, and I've run out of ideas. I run grsec on
>several different servers with no problems so I wonder if it's a combo of
>the pix and grsec, has anyone encountered something similar?
>  
>
Every day. However, I have never thought of grsec being the culprit... I 
always thought it was my employer's crappy routers. Still, the evidence 
is minor, as some of my grsec machines have no problems keeping 
connections (ssh) alive, while others seem dead for 2-5 minutes at random 
intervals.

Any plan of attack? I've put plenty of time already into this issue but 
no success.

Auke





