From owner-freebsd-questions  Tue Jun 18 14:54:47 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5])
	by hub.freebsd.org (Postfix) with ESMTP id 879FE37B401
	for <questions@FreeBSD.ORG>; Tue, 18 Jun 2002 14:54:31 -0700 (PDT)
Received: from hades.hell.gr (patr530-a231.otenet.gr [212.205.215.231])
	by mailsrv.otenet.gr (8.12.3/8.12.3) with ESMTP id g5ILsLuJ020673;
	Wed, 19 Jun 2002 00:54:23 +0300 (EEST)
Received: from hades.hell.gr (hades [127.0.0.1])
	by hades.hell.gr (8.12.4/8.12.4) with ESMTP id g5ILsADW010889;
	Wed, 19 Jun 2002 00:54:20 +0300 (EEST)
	(envelope-from keramida@ceid.upatras.gr)
Received: (from charon@localhost)
	by hades.hell.gr (8.12.4/8.12.4/Submit) id g5ILOhBa010610;
	Wed, 19 Jun 2002 00:24:43 +0300 (EEST)
X-Authentication-Warning: hades.hell.gr: charon set sender to keramida@ceid.upatras.gr using -f
Date: Wed, 19 Jun 2002 00:24:43 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: "Philip J. Koenig" <pjklist@ekahuna.com>
Cc: questions@FreeBSD.ORG, Dan Nelson <dnelson@allantgroup.com>
Subject: Re: kicking users
Message-ID: <20020618212443.GB10528@hades.hell.gr>
References: <20020618013550.GA6214@dan.emsphone.com> <20020618022326603.AAA594@empty1.ekahuna.com@pc02.ekahuna.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020618022326603.AAA594@empty1.ekahuna.com@pc02.ekahuna.com>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On 2002-06-17 19:23 -0700, Philip J. Koenig wrote:
> > Hmm.  According to the sshd manpage, it already enables
> > keepalives.  Ignore my sysctl idea, then.
>
> Interesting you should mention that though.  I have a problem where
> sessions get killed off, and I think it's because of the stateful
> firewall on one or both ends of the connection timing out the
> session when no packets traverse it for 5-10 mins. (this is actually
> the main reason I end up wanting to kill 'zombie' user sessions)

This looks similar to troubles I had with a stateful ipfw firewall
that killed my ssh sessions too often for me to ignore it.  Try
increasing the lifetime of dynamic ipfw rules.  I now have in my
/etc/sysctl.conf file the following:

	net.inet.ip.fw.dyn_ack_lifetime=7200

- Giorgos


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message