From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Adam T. Bowen" Subject: Re: Preventing SSH timeouts . Some clarification needed Date: Wed, 09 Jun 2010 09:15:39 +0100 Message-ID: <4C0F4DAB.1080205@agitate.org.uk> References: <19470.7648.11783.723775@cerise.gclements.plus.com> <19470.28038.973172.643232@cerise.gclements.plus.com> Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms090002090100040106090204" Return-path: In-Reply-To: Sender: linux-admin-owner@vger.kernel.org List-ID: To: query Cc: linux-admin@vger.kernel.org This is a cryptographically signed message in MIME format. --------------ms090002090100040106090204 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hi, Another setting to try, on the client side, is the ServerAliveInterval. This sets a keep alive packet to be sent within the SSH protocol, as opposed to TCPKeepAlive which is within the underlying TCP connection. I have had the misfortune to be behind firewalls that have harvested "dead" connections far too quickly, in my opinion, and this setting worked for me where TCPKeepAlive didn't. Worth a try. Cheers, Adam On 09/06/10 07:44, query wrote: > Guys , since we are clear now that we are not behind NAT , so we can > forget now about reducing the keep-alive time > (/proc/sys/net/ipv4/tcp_keepalive_time) to a value less than the NAT > timeout. But anyways , I learn something new :) . > The most likely reason which Michael also agreed can be the high load > on both the system . >=20 > So, do you suggest now to enable to enable the ClientAliveInterval > option . Also , since ClientAliveCountMax is enabled by default with a > value of 3 , > so probably I will keep the value of ClientAliveInterval less than 300 > secs . I will probably keep it at 60 secs. So , the connection will > dropout after 180 secs if there is no response . >=20 > Also , somewhat strange , TCPKeepAlive option is disabled in our > sshd_config file , not sure why . So , If ClientAliveInterval is > enabled , can we can leave TCPKeepAlive disabled . Is our purpose > will serve ? >=20 >=20 > Thanks > Zaman >=20 > On Tue, Jun 8, 2010 at 9:49 PM, Glynn Clements wrote: >> >> query wrote: >> >>>> I can't see how this can be caused by load. If you haven't yet enabl= ed >>>> ClientAliveInterval, then the connection isn't being closed by sshd >>>> but by the kernel, due to TCP keep-alives not being acknowledged. >>> >>> okay...that may be the cause . The client host was also busy because >>> of which TCP keep-alive were not acknowledged. >> >> Load won't have any effect upon TCP keep-alives, as it's the kernel >> which acknowledges keep-alive packets, not the user process. >> >> Keep-alive allows you to detect that a host is unreachable (e.g. >> network failure, system crash, power failure, etc). It doesn't tell >> you anything about an individual process. >> >>>> As Michal suggests, the most likely reason for this is a NAT timeout= =2E >>>> If you're using NAT, you probably want to set the keep-alive time >>>> (/proc/sys/net/ipv4/tcp_keepalive_time) to a value less than the NAT= >>>> timeout. Even then, that will only work for programs which enable >>>> keep-alive (ssh and sshd both do by default; this is controlled by t= he >>>> TCPKeepAlive option). >>> >>> How to determine the value of NAT timeout . Is it at the host level o= r >>> the device where NATing is implemented . >> >> The device which performs NAT. >> >>> I was able to find the keepalive timeout value at the host . >>> >>> =3D=3D=3D=3D >>> $ sudo sysctl -a | grep -i keepalive >>> net.ipv4.tcp_keepalive_time =3D 7200 >>> net.ipv4.tcp_keepalive_probes =3D 9 >>> net.ipv4.tcp_keepalive_intvl =3D 75 >>> =3D=3D=3D=3D=3D >>> >>> Most likely I am not behind NAT , I will confirm it tomorrow . If tha= t >>> is the case , then which should I consider to increase the timeout >>> value. >>> The kernel timeout value or implement either TCPKeepAlive option or >>> the ClientAliveInterval interval . TCPKeepAlive option is somehow >>> disabled in the sshd config file . Please clarify regarding this. >> >> TCPKeepAlive is enabled by default. But even if it's enabled, the >> 2-hour wait before any keep-alives are sent typically won't be enough >> to prevent NAT entries from expiring. >> >> Even the 5-minute interval between SSH keep-alives may be longer than >> the NAT expiry time. Low-end router/modem devices with built-in NAT >> seem base their default configuration on the assumption that you're >> using HTTP from Win95 boxes, where a connection being idle for more >> than 30 seconds usually means that the Win95 box has crashed. >> >> Another possibility is a really cheap ISP which uses (a heavily >> oversubscribed pool of) dynamic IP addresses, which expire whenever >> the connection is idle for more than a minute. >> >> -- >> Glynn Clements >> > -- > To unsubscribe from this list: send the line "unsubscribe linux-admin" = in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html --------------ms090002090100040106090204 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIVJjCC BpwwggWEoAMCAQICAwDMLjANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMCSUwxFjAUBgNV BAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRl IFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlh dGUgQ2xpZW50IENBMB4XDTA5MTIxMDA5NDcwMloXDTEwMTIxMTEwNDM1M1owgZIxIDAeBgNV BA0TFzExMTgyMC1wZWRaeGw1ejNLOGFZQVJUMR4wHAYDVQQKExVQZXJzb25hIE5vdCBWYWxp ZGF0ZWQxKTAnBgNVBAMTIFN0YXJ0Q29tIEZyZWUgQ2VydGlmaWNhdGUgTWVtYmVyMSMwIQYJ KoZIhvcNAQkBFhRhZGFtYkBhZ2l0YXRlLm9yZy51azCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAOofaCOt5EdexCwTURhbkVx2+AfysIgIJ56+BngA6buGdaT4aiMgbI/05qL+ 5hHNHGOShbSZmS14ffLcDrO97bnlsDiK0RiFNAPmmXUTK3EqjHqdsZfKLZirrH4nrTYdNSOw hz7v2S+Ar/606D/9yO1iPpergqFv7lI9sRHNSVr66NrH6AEgLwWM/fMeePJgF7Zv6tHlpET9 sUrTdqYWU8pbhByyyoUsMADC81pO4isTt6AY5K5jvPtKNklSj4Vt4PQ0tymQtfnR2l3KVeNG NipR1EH1BUaCKuhP3ivrAPb5UOQ8QA44SDhcWjWSOuj5e00MognvzCTucPbCrmXhl4kCAwEA AaOCAv0wggL5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdJQQWMBQGCCsGAQUFBwMC BggrBgEFBQcDBDAdBgNVHQ4EFgQU8YgXrDjxb92HRDCpmAd5wkrL5HcwHwYDVR0jBBgwFoAU U3Ltkpzg2ssBXHx+ljVO8tS4UYIwHwYDVR0RBBgwFoEUYWRhbWJAYWdpdGF0ZS5vcmcudWsw ggFCBgNVHSAEggE5MIIBNTCCATEGCysGAQQBgbU3AQIBMIIBIDAuBggrBgEFBQcCARYiaHR0 cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0BggrBgEFBQcCARYoaHR0cDovL3d3 dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRlLnBkZjCBtwYIKwYBBQUHAgIwgaowFBYNU3Rh cnRDb20gTHRkLjADAgEBGoGRTGltaXRlZCBMaWFiaWxpdHksIHNlZSBzZWN0aW9uICpMZWdh bCBMaW1pdGF0aW9ucyogb2YgdGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 IFBvbGljeSBhdmFpbGFibGUgYXQgaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBk ZjBjBgNVHR8EXDBaMCugKaAnhiVodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9jcnR1MS1jcmwu Y3JsMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9jcnR1MS1jcmwuY3JsMIGOBggr BgEFBQcBAQSBgTB/MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcC5zdGFydHNzbC5jb20vc3Vi L2NsYXNzMS9jbGllbnQvY2EwQgYIKwYBBQUHMAKGNmh0dHA6Ly93d3cuc3RhcnRzc2wuY29t L2NlcnRzL3N1Yi5jbGFzczEuY2xpZW50LmNhLmNydDAjBgNVHRIEHDAahhhodHRwOi8vd3d3 LnN0YXJ0c3NsLmNvbS8wDQYJKoZIhvcNAQEFBQADggEBAHqf8U+Mt0kKbhnFO0+wBghId6fa 2nZsTOI4oEnshcsyKlkE8SFr1L/9DNCxdFgMTM+F9TjdBc9qPXAflGHwVVlIUT/0CtWMFKjU hxWx+hQddNwI3gRhDAE3M9Ae2FDRxJQbGkcFKGH1Q9rMWFQWGt3gBaYVuqQLEKc8Rvs6bCrS XGvLee+wfjz+TUmTZIOPl7nlv6aGowFSWwhZ/VEAz1udtqyMKVkfmlQNF4jRs4Vbmi4xrpg9 tZvdRXrQowGjKGSdw5YFfFG3QyCwci1CqAuw1xhR9KxLQwLc5NyR0jso9Oy0GCCFC5xOYCU6 68CuhEHKPREsD0kYOmX7xiCQmEgwggacMIIFhKADAgECAgMAzC4wDQYJKoZIhvcNAQEFBQAw gYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1 cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFz cyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTAeFw0wOTEyMTAwOTQ3MDJaFw0x MDEyMTExMDQzNTNaMIGSMSAwHgYDVQQNExcxMTE4MjAtcGVkWnhsNXozSzhhWUFSVDEeMBwG A1UEChMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMSkwJwYDVQQDEyBTdGFydENvbSBGcmVlIENl cnRpZmljYXRlIE1lbWJlcjEjMCEGCSqGSIb3DQEJARYUYWRhbWJAYWdpdGF0ZS5vcmcudWsw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqH2gjreRHXsQsE1EYW5FcdvgH8rCI CCeevgZ4AOm7hnWk+GojIGyP9Oai/uYRzRxjkoW0mZkteH3y3A6zve255bA4itEYhTQD5pl1 EytxKox6nbGXyi2Yq6x+J602HTUjsIc+79kvgK/+tOg//cjtYj6Xq4Khb+5SPbERzUla+uja x+gBIC8FjP3zHnjyYBe2b+rR5aRE/bFK03amFlPKW4QcssqFLDAAwvNaTuIrE7egGOSuY7z7 SjZJUo+FbeD0NLcpkLX50dpdylXjRjYqUdRB9QVGgiroT94r6wD2+VDkPEAOOEg4XFo1kjro +XtNDKIJ78wk7nD2wq5l4ZeJAgMBAAGjggL9MIIC+TAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE sDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwHQYDVR0OBBYEFPGIF6w48W/dh0Qw qZgHecJKy+R3MB8GA1UdIwQYMBaAFFNy7ZKc4NrLAVx8fpY1TvLUuFGCMB8GA1UdEQQYMBaB FGFkYW1iQGFnaXRhdGUub3JnLnVrMIIBQgYDVR0gBIIBOTCCATUwggExBgsrBgEEAYG1NwEC ATCCASAwLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYw NAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYw gbcGCCsGAQUFBwICMIGqMBQWDVN0YXJ0Q29tIEx0ZC4wAwIBARqBkUxpbWl0ZWQgTGlhYmls aXR5LCBzZWUgc2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBD ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly93d3cu c3RhcnRzc2wuY29tL3BvbGljeS5wZGYwYwYDVR0fBFwwWjAroCmgJ4YlaHR0cDovL3d3dy5z dGFydHNzbC5jb20vY3J0dTEtY3JsLmNybDAroCmgJ4YlaHR0cDovL2NybC5zdGFydHNzbC5j b20vY3J0dTEtY3JsLmNybDCBjgYIKwYBBQUHAQEEgYEwfzA5BggrBgEFBQcwAYYtaHR0cDov L29jc3Auc3RhcnRzc2wuY29tL3N1Yi9jbGFzczEvY2xpZW50L2NhMEIGCCsGAQUFBzAChjZo dHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9jZXJ0cy9zdWIuY2xhc3MxLmNsaWVudC5jYS5jcnQw IwYDVR0SBBwwGoYYaHR0cDovL3d3dy5zdGFydHNzbC5jb20vMA0GCSqGSIb3DQEBBQUAA4IB AQB6n/FPjLdJCm4ZxTtPsAYISHen2tp2bEziOKBJ7IXLMipZBPEha9S//QzQsXRYDEzPhfU4 3QXPaj1wH5Rh8FVZSFE/9ArVjBSo1IcVsfoUHXTcCN4EYQwBNzPQHthQ0cSUGxpHBShh9UPa zFhUFhrd4AWmFbqkCxCnPEb7Omwq0lxry3nvsH48/k1Jk2SDj5e55b+mhqMBUlsIWf1RAM9b nbasjClZH5pUDReI0bOFW5ouMa6YPbWb3UV60KMBoyhkncOWBXxRt0MgsHItQqgLsNcYUfSs S0MC3OTckdI7KPTstBgghQucTmAlOuvAroRByj0RLA9JGDpl+8YgkJhIMIIH4jCCBcqgAwIB AgIBDTANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20g THRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcG A1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDcxMDI0MjEwMTU0 WhcNMTIxMDIyMjEwMTU0WjCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0 ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNV BAMTL1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENBMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwmDzM4t2BqxKaQuE6uWvooyg4ymiEGW VUet1G8SD+rqvyNH4QrvnEIaFHxOhESip7vMz39ScLpNLbL1QpOlPW/tFIzNHS3qd2XRNYG5 Sv9RcGE+T4qbLtsjjJbi6sL7Ls/f/X9ftTyhxvxWkf8KW37iKrueKsxw2HqolH7GM6FX5UfN AwAu4ZifkpmZzU1slBhyWwaQPEPPZRsWoTb7q8hmgv6Nv3Hg9rmA1/VPBIOQ6SKRkHXG0Hhm q1dOFoAFI411+a/9nWm5rcVjGcIWZ2v/43Yksq60jExipA4l5uv9/+Hm33mbgmCszdj/Dthf 13tgAv2O83hLJ0exTqfrlwIDAQABo4IDWzCCA1cwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMC AaYwHQYDVR0OBBYEFFNy7ZKc4NrLAVx8fpY1TvLUuFGCMIGoBgNVHSMEgaAwgZ2AFE4L7xqk QFulF2mHMMo0aEPQQa7yoYGBpH8wfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29t IEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxKTAn BgNVBAMTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEBMAkGA1UdEgQCMAAw PQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzAChiFodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9z ZnNjYS5jcnQwYAYDVR0fBFkwVzAsoCqgKIYmaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3Nm c2NhLWNybC5jcmwwJ6AloCOGIWh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL3Nmc2NhLmNybDCC AV0GA1UdIASCAVQwggFQMIIBTAYLKwYBBAGBtTcBAQQwggE7MC8GCCsGAQUFBwIBFiNodHRw Oi8vY2VydC5zdGFydGNvbS5vcmcvcG9saWN5LnBkZjA1BggrBgEFBQcCARYpaHR0cDovL2Nl cnQuc3RhcnRjb20ub3JnL2ludGVybWVkaWF0ZS5wZGYwgdAGCCsGAQUFBwICMIHDMCcWIFN0 YXJ0IENvbW1lcmNpYWwgKFN0YXJ0Q29tKSBMdGQuMAMCAQEagZdMaW1pdGVkIExpYWJpbGl0 eSwgcmVhZCB0aGUgc2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9mIHRoZSBTdGFydENv bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly9j ZXJ0LnN0YXJ0Y29tLm9yZy9wb2xpY3kucGRmMBEGCWCGSAGG+EIBAQQEAwIABzBQBglghkgB hvhCAQ0EQxZBU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBGcmVlIFNT TCBFbWFpbCBDZXJ0aWZpY2F0ZXMwDQYJKoZIhvcNAQEFBQADggIBAKqa4eBbjM4dG/wdxiww IKC3kyb98QK2zREovyn/xzDP/4H/Bc8FFDTgoJR+nX2Li0EP3U7TsjG+CaIi90+8YlShADpk Prfm/8SzjGtJtfM6EaluJOhpcqMr3OyzK3aYGJP5RIeZ6vLT3fQaDZsIooXl6YSFR/0HpU4F JDc0wuyFaZmFbCrjTp8RNYyRWTTX6mWSv+TraOwuj3zrrddSpgUEi2WqwM9G/5o4IXQbGHx7 oXTvL6zrw9IOYO3QOKZDgFNhHeKUgqMAUiLcg/+WhcGe+Y4umKuxghtwaYsgD/bLfIfop3NC /u5JqwDCWizAJruhmbOV4LG859MFCb2w/YeY55zDPVGmQ3MZdriwdOKrhlFjOjYihmm28UHO vND2G3kK0LvnuieLqjQMc6GuUcZAQOWv96pW4BfbiQXpAqibMMeb0PZISa7PFEzGiBc2xAuV RkM4kB9/+iieA1D/OTiRJwsf6rkoVgOsN9fCw522tzOmuVfiqDS4bFYv00sX/dFGwasHUUf3 DsLhpDSYdejb74SKjtuqLDIOuAm2bA1axA6+7kjFeNIngSU6OPSMre+xAjoc/6coaMGthFD+ mimr/i/8F8wDwdyzas7oxkdCtaW8hVir8mJnbp4CbckllDMPkeQ6qQNmxSDhOeqX1jyx2cTi /vPq+/TyxV/stlehMYID0DCCA8wCAQEwgZQwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1T dGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWdu aW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENs aWVudCBDQQIDAMwuMAkGBSsOAwIaBQCgggIQMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEw HAYJKoZIhvcNAQkFMQ8XDTEwMDYwOTA4MTUzOVowIwYJKoZIhvcNAQkEMRYEFH0ZDgnSSNb8 SFovYUhpEc7Y0p8uMF8GCSqGSIb3DQEJDzFSMFAwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMH MA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIB KDCBpQYJKwYBBAGCNxAEMYGXMIGUMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRD b20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4 MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQg Q0ECAwDMLjCBpwYLKoZIhvcNAQkQAgsxgZeggZQwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQK Ew1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBT aWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRl IENsaWVudCBDQQIDAMwuMA0GCSqGSIb3DQEBAQUABIIBAECcL4BRt8+86i27NQAtWrIiYYmL VgAKL8O5OpUwFsHj1/EOVjQCV1jWnnPgSFdJuonXFpFp9rCE+ITTvs/emM9xMMWwWkNtYWxs B3+qW34S1EJ6N4+7XQ8gLBt4W+MQXFGrC76XOLLBsWK330Wzm+od0oxkgVwrA5sau3ksheQm cngabzCRlWo6KnTzv4Z/xTaz+4bStaVbXAwKakNitYgembL2zw0qX6XrWBjnOHP/rC5ZjPgn vkcwVqYRm16r8ik7I6t1YplBOJwPM/9pAVTYHt6D6tGVtoX7dzsCfpT2KWybkijgVkQkaTO+ w6fsjE4iuVHBGs5eIzcj2wjrurIAAAAAAAA= --------------ms090002090100040106090204--