Description
Hi everyone,
We are using renci library for SSHing into routers. In past, ssh timeout issue was around but the count was low. But now we are seeing the timeout errors more frequently. Below are error logs in failure calls:
FYI : Text in bold are custom logs.
ReceiveMessage from server: 'KeyExchangeInitMessage': 'SSH_MSG_KEXINIT'.
Inside : OnKeyExchangeInitReceived
ReceiveMessage from server: 'KeyExchangeDhGroupExchangeGroup': 'SSH_MSG_KEX_DH_GEX_GROUP'.
ReceiveMessage from server: 'KeyExchangeDhGroupExchangeReply': 'SSH_MSG_KEX_DH_GEX_REPLY'.
ReceiveMessage from server: 'NewKeysMessage': 'SSH_MSG_NEWKEYS'.
ReceiveMessage from server: 'ServiceAcceptMessage': 'SSH_MSG_SERVICE_ACCEPT'.
ReceiveMessage from server: 'FailureMessage': 'SSH_MSG_USERAUTH_FAILURE'.
ReceiveMessage from server: 'InformationRequestMessage': 'SSH_MSG_USERAUTH_INFO_REQUEST'.
ReceiveMessage from server: 'FailureMessage': 'SSH_MSG_USERAUTH_FAILURE'.
ReceiveMessage from server: 'FailureMessage': 'SSH_MSG_USERAUTH_FAILURE'.
Renci.SshNet.Common.SshOperationTimeoutException: Session operation has timed out
at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle)
at Renci.SshNet.Session.Connect()
….
Sometime we do see below logs:
ReceiveMessage from server: 'KeyExchangeInitMessage': 'SSH_MSG_KEXINIT'.
Inside : OnKeyExchangeInitReceived
System.Net.Sockets.SocketException (0x80004005): An established connection was aborted by the software in your host machine
at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle)
at Renci.SshNet.Session.Connect()
….
Sometime we see below logs:
ReceiveMessage from server: 'KeyExchangeInitMessage': 'SSH_MSG_KEXINIT'.
Inside : OnKeyExchangeInitReceived
ReceiveMessage from server: 'KeyExchangeDhGroupExchangeGroup': 'SSH_MSG_KEX_DH_GEX_GROUP'.
ReceiveMessage from server: 'KeyExchangeDhGroupExchangeReply': 'SSH_MSG_KEX_DH_GEX_REPLY'.
Renci.SshNet.Common.SshOperationTimeoutException: Session operation has timed out
at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle)
at Renci.SshNet.Session.Connect()
….
We tried adding more logs on the client side to analyze what causing the sshtimeout, we observed that, failure is coming at different stages before Channel open success stage as :
- It is happening after/at-time of Key exchange init
- It is happening after/at-time of user authorisation
- It is happening after/at-time of service acceptance
Connection timeout at each wait handle (KeyExchange, ServiceAccept, UserAuth) were increased from default 30 to 180 with little improvements.
What we experimented in renci code?
While trying to make parallel calls, we observed that calls were waiting for semaphore to acquire. After looking into renci code, it was noticed that the semaphore value was hardcoded to 30 (old renci value), which was stopping 31st call to go-in.
And this causes thread to accumulate and end result is – our application was end-up running with high thread counts and hence it requires timely restart otherwise application becomes unresponsive. Below code reference:
SSH.NET/Session.cs at develop · sshnet/SSH.NET (github.com)
Private static readonly SemaphoreLight AuthenticationConnection = new semaphoreLight(3) – Semaphore is static and is shared across sessions
To overcomes this problem we thought of increasing semaphore value to 3000 and observe the application performance but since then we are seeing increase in SshOperationTimeout issue.
Logically speaking, increasing semaphore value is just making more calls to go-in instead of waiting for semaphore. So, as per our understanding it should not create any problem but we would like to double check on it.
Is there any limit in Renci wrt number of concurrent ssh sessions ?
Can anyone from community help to resolve the problem or have insights around the same?