From: "Philip J. Koenig"
Organization: The Electric Kahuna Organization
To: questions@FreeBSD.ORG
Cc: Dan Nelson
Date: Mon, 17 Jun 2002 19:23:26 -0700
Subject: Re: kicking users
Reply-To: pjklist@ekahuna.com
In-reply-to: <20020618013853.GB6214@dan.emsphone.com>
References: <20020618013550.GA6214@dan.emsphone.com>
Message-ID: <20020618022326603.AAA594@empty1.ekahuna.com@pc02.ekahuna.com>

On 17 Jun 2002, at 20:38, Dan Nelson boldly uttered:

> In the last episode (Jun 17), Dan Nelson said:
> > In the last episode (Jun 17), Philip J. Koenig said:
> > > I've had trouble killing logins manually that way, although I admit
> > > that I've been using a plain 'kill' command, not 'kill -9'.
> > >
> > > Where I need to do this most often is for SSH users whose sessions
> > > time out due to connectivity problems. I kill their processes and
> > > shell, but the login still just sits there for a really long time
> > > (hours? days? .. in 'who' anyway) before it goes away.
> >
> > If you kill -9 sshd, it doesn't get a chance to clean up the login
> > records. Try just kill -9'ing the user's shell.

I don't kill sshd, just the shell and any other user-owned processes.

> > You can also force the connections to time out all by themselves by
> > setting net.inet.tcp.always_keepalive=1 in /etc/sysctl.conf. That'll
> > force the kernel to send an empty packet after a TCP socket has been
> > idle for a couple of hours. If the packet isn't acked, the kernel
> > closes the socket.
>
> Hmm. According to the sshd manpage, it already enables keepalives.
> Ignore my sysctl idea, then.

Interesting you should mention that though. I have a problem where
sessions get killed off, and I think it's because of the stateful
firewall on one or both ends of the connection timing out the session
when no packets traverse it for 5-10 mins. (this is actually the main
reason I end up wanting to kill 'zombie' user sessions)

Even with the keepalive feature turned on, the problem remains. Out
of 3 ssh clients I've tried, the only one so far that has a working
keepalive function that fixes this problem is Putty. (for Windows)
Both the Windows client from SSH Corp and the openssh client shipped
with FreeBSD 4.3-4.6 won't keep the connection up. (I don't remember
if I tried a Linux installation of openssh)

Phil

--
Philip J. Koenig                                   pjklist@ekahuna.com
Electric Kahuna Systems -- Computers & Communications for the New Millenium
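
Added example, not part of the original message or of any client named in it: a keepalive whose first probe only leaves after a couple of hours of idle time cannot refresh firewall state that expires after 5-10 minutes, so the idle time has to be set per socket to something shorter. The 7200 s figure, the 60/15/4 schedule and all function names below are assumptions made for the illustration.

```python
import socket

FIREWALL_IDLE_TIMEOUTS_S = (5 * 60, 10 * 60)  # "5-10 mins" from the message
SYSTEM_KEEPIDLE_S = 2 * 60 * 60               # "a couple of hours", taken as 7200 s (assumption)


def refreshes_state(keepidle_s, firewall_timeout_s):
    """True if the first keepalive probe leaves before the firewall drops the idle flow."""
    return keepidle_s < firewall_timeout_s


def enable_keepalive(sock, idle_s=60, interval_s=15, probes=4):
    """Enable keepalive on one socket with its own schedule; return the options applied."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    applied = {"SO_KEEPALIVE": 1}
    wanted = (
        ("TCP_KEEPIDLE", idle_s),    # idle time before the first probe (Linux, current FreeBSD)
        ("TCP_KEEPALIVE", idle_s),   # macOS name for the same idle time
        ("TCP_KEEPINTVL", interval_s),
        ("TCP_KEEPCNT", probes),
    )
    for name, value in wanted:
        opt = getattr(socket, name, None)
        if opt is None:              # option not exposed on this platform
            continue
        try:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)
        except OSError:              # exposed but rejected; system default stays in force
            continue
        applied[name] = value
    return applied


def dead_peer_detected_after_s(idle_s, interval_s, probes):
    """Roughly how long an unreachable peer keeps the socket (and its login) alive."""
    return idle_s + interval_s * probes


if __name__ == "__main__":
    for fw in FIREWALL_IDLE_TIMEOUTS_S:
        print(fw, "system default:", refreshes_state(SYSTEM_KEEPIDLE_S, fw),
              "60 s idle:", refreshes_state(60, fw))
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print("applied:", enable_keepalive(s))
    print("dead peer noticed after ~%d s" % dead_peer_detected_after_s(60, 15, 4))
```

With the shorter schedule the same probes also bound how long a stale session can linger after the peer disappears, which is the cleanup problem the thread started from.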