SSH freezing moments after successfully connecting, then Broken Pipe

Question

Sorry to ask about a topic that's been done to death, but I haven't found what I need yet.

I've set up a lambda machine with an SSH server. I can connect to it from my laptop with ssh -l <username> <ipv4 address> and even start python3 and import numpy, but by then the session freezes client-side, and in a few seconds I get "client_loop: send disconnect: Broken pipe".

I can connect to the ssh server from the lambda machine itself fine (a session window to itself on itself, where it is both server and client), and I encounter no such problem.

I've set ClientAliveInterval 300 and ClientAliveCountMax 3 in /etc/ssh/sshd_config on the server, in an attempt to clean up some of the ghost connections left over: extra entries in the list of who is logged in. But this doesn't fix my freezing problem; the time scale of freezing is way shorter than this anyway. Similar keep-alive settings work on the order of 60 seconds, and I'm seeing freezing after maybe 5 seconds.

It's odd, because traffic is definitely getting through for a second, which inclines me to think this isn't a firewall issue.

Here is the result from my client when I add a -v flag:

pavel@Pavels-MacBook-Pro Desktop % ssh -v -l kutz 128.95.***.***
OpenSSH_9.6p1, LibreSSL 3.3.6
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 128.95.***.*** [128.95.***.***] port 22.
debug1: Connection established.
debug1: identity file /Users/pavel/.ssh/id_rsa type 0
debug1: identity file /Users/pavel/.ssh/id_rsa-cert type -1
debug1: identity file /Users/pavel/.ssh/id_ecdsa type -1
debug1: identity file /Users/pavel/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/pavel/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/pavel/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/pavel/.ssh/id_ed25519 type -1
debug1: identity file /Users/pavel/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/pavel/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/pavel/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/pavel/.ssh/id_xmss type -1
debug1: identity file /Users/pavel/.ssh/id_xmss-cert type -1
debug1: identity file /Users/pavel/.ssh/id_dsa type -1
debug1: identity file /Users/pavel/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.6 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 128.95.***.***:22 as 'kutz'
debug1: load_hostkeys: fopen /Users/pavel/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:REJV3CKi4EuWRQviLyPngMWlV3Hblls2QtgmIMaK/O0
debug1: load_hostkeys: fopen /Users/pavel/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '128.95.***.***' is known and matches the ED25519 host key.
debug1: Found key in /Users/pavel/.ssh/known_hosts:4
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]>
debug1: kex_ext_info_check_ver: [email protected]=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /Users/pavel/.ssh/id_rsa RSA SHA256:iNg9LLZD0Jfy3RMqOkQNi5xFfUcclJzKYM+avRb9M78
debug1: Will attempt key: /Users/pavel/.ssh/id_ecdsa 
debug1: Will attempt key: /Users/pavel/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /Users/pavel/.ssh/id_ed25519 
debug1: Will attempt key: /Users/pavel/.ssh/id_ed25519_sk 
debug1: Will attempt key: /Users/pavel/.ssh/id_xmss 
debug1: Will attempt key: /Users/pavel/.ssh/id_dsa 
debug1: Offering public key: /Users/pavel/.ssh/id_rsa RSA SHA256:iNg9LLZD0Jfy3RMqOkQNi5xFfUcclJzKYM+avRb9M78
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/pavel/.ssh/id_ecdsa
debug1: Trying private key: /Users/pavel/.ssh/id_ecdsa_sk
debug1: Trying private key: /Users/pavel/.ssh/id_ed25519
debug1: Trying private key: /Users/pavel/.ssh/id_ed25519_sk
debug1: Trying private key: /Users/pavel/.ssh/id_xmss
debug1: Trying private key: /Users/pavel/.ssh/id_dsa
debug1: Next authentication method: password
[email protected].***.***'s password: 
Authenticated to 128.95.***.*** ([128.95.***.***]:22) using "password".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: client_input_hostkeys: searching /Users/pavel/.ssh/known_hosts for 128.95.***.*** / (none)
debug1: client_input_hostkeys: searching /Users/pavel/.ssh/known_hosts2 for 128.95.***.*** / (none)
debug1: client_input_hostkeys: hostkeys file /Users/pavel/.ssh/known_hosts2 does not exist
debug1: client_input_hostkeys: no new or deprecated keys from server
debug1: Sending environment.
debug1: channel 0: setting env LANG = "en_US.UTF-8"
debug1: pledge: fork
Welcome to Ubuntu 22.04.4 LTS (GNU/Linux 6.5.0-26-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

Expanded Security Maintenance for Applications is not enabled.

0 updates can be applied immediately.

14 additional security updates can be applied with ESM Apps.
Learn more about enabling ESM Apps service at https://ubuntu.com/esm


21 updates could not be installed automatically. For more details,
see /var/log/unattended-upgrades/unattended-upgrades.log
Last login: Tue Mar 26 10:48:34 2024 from 10.19.51.84
kutz@kutz-Lambda-Vector:~$ who
kutz     :1           2024-03-26 10:47 (:1)
kutz     pts/0        2024-03-26 10:48 (10.19.51.84)
kutz     pts/2        2024-03-26 10:52 (10.19.51.84)
kutz@kutz-Lambda-Vector:~$ client_loop: send disconnect: Broken pipe

It froze after who.

With -vvv, I get for my last bit:

Last login: Tue Mar 26 10:52:48 2024 from 10.19.51.84
kutz@kutz-Lambda-Vector:~$ debug3: obfuscate_keystroke_timing: starting: interval ~20ms
who
kutz     :1           2024-03-26 10:47 (:1)
kutz     pts/0        2024-03-26 10:48 (10.19.51.84)
kutz     pts/2        2024-03-26 10:52 (10.19.51.84)
kutz     pts/3        2024-03-26 11:06 (10.19.51.84)
kutz@kutz-Lambda-Vector:~$ debug3: obfuscate_keystroke_timing: stopping: chaff time expired (0 chaff packets sent)
debug3: obfuscate_keystroke_timing: starting: interval ~20ms
python3
Python 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> debug3: obfuscate_keystroke_timing: stopping: chaff time expired (0 chaff packets sent)
debug3: obfuscate_keystroke_timing: starting: interval ~20ms
debug3: obfuscate_keystroke_timing: stopping: chaff time expired (0 chaff packets sent)
debug3: obfuscate_keystroke_timing: starting: interval ~20ms
debug3: obfuscate_keystroke_timing: stopping: chaff time expired (0 chaff packets sent)
debug3: obfuscate_keystroke_timing: starting: interval ~20ms
debug3: obfuscate_keystroke_timing: stopping: chaff time expired (0 chaff packets sent)
debug3: obfuscate_keystroke_timing: starting: interval ~20ms
debug3: obfuscate_keystroke_timing: stopping: chaff time expired (0 chaff packets sent)
debug3: obfuscate_keystroke_timing: starting: interval ~20ms
debug3: send packet: type 1
client_loop: send disconnect: Broken pipe

Answer 1

We got a second machine, which I set up identically, and funny enough SSHing to it didn't result in any freezing problems. I pondered in the background, until later I had a flash of insight: What had I done differently across the two? I'd connected the first to the University WiFi network in addition to the wired network!

Why should that matter? Apparently these machines have generic Ubuntu, not the server flavor, so they might choose to try to hop around and route traffic through multiple connections. Turning off the wireless interface results in a stable connection.