From owner-freebsd-questions Tue Apr 23 7:53:42 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from fw.firstinitiallastname.COM (dsl092-186-035.sfo2.dsl.speakeasy.net [66.92.186.35]) by hub.freebsd.org (Postfix) with ESMTP id 2FFEB37B420 for ; Tue, 23 Apr 2002 07:53:33 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by fw.firstinitiallastname.COM (8.11.6/8.11.6) with ESMTP id g3NErVR32271; Tue, 23 Apr 2002 07:53:31 -0700 (PDT) (envelope-from tim@firstinitiallastname.com)
Date: Tue, 23 Apr 2002 07:53:31 -0700 (PDT)
From: Tim Erlin
To: "Philip J. Koenig"
Cc: questions@FreeBSD.ORG, Moti
Subject: Re: SSH questions
In-Reply-To: <20020423142043169.AAA697@empty1.ekahuna.com@pc02.ekahuna.com>
Message-ID: <20020423075201.N32252-100000@fw.firstinitiallastname.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

You can run ssh with -v and get some good debug output. Might be useful.

--Tim

On Tue, 23 Apr 2002, Philip J. Koenig wrote:

> On 23 Apr 2002, at 9:29, Moti boldly uttered:
>
> > > 1) SSH is timing out after a few minutes of inactivity. (actually
> > > I'm getting "connection reset by peer" messages)
> > >
> > > The reason I don't think this is a connectivity problem is that both
> > > boxes are on pretty reliable circuits connected to the same ISP. (ie
> > > packets between them never hit the internet)
> > >
> > > I looked for some "timeout" settings in both /etc/ssh/sshd_config or
> > > ssh_config and didn't find anything but the "keep alive" setting.
> > > Are connections supposed to stay alive indefinitely by default?
> > >
> > 1. look to see if you have a timeout in your . files (this could be a tcsh
> > timeout)
> > 2. are you using the sshd built into freebsd or did you install one from
> > ports (if yes then your config files are in /usr/local/etc)
> > 3. do you have keep alive disabled? I quote the man page "
> > KeepAlive
>
> I can see no evidence of any local timeout settings, and don't recall
> having this problem previously on this box.
>
> I'm using the built-in sshd.
>
> There is no keepalive option in the system config file on the calling
> box (4.3-STABLE), so it's not enabled (or not implemented) I suppose.
> It is enabled on the receiving host. In any event, I don't recall
> having this problem in the past, the only thing that changed since
> the last time I had a long ssh session was, AFAIK, upgrading the
> receiving host to 4.5-STABLE from 4.3.
>
> BTW, "connection reset by peer" usually indicates some kind of
> aborted connection, not exactly a "graceful disconnect timeout", no?
>
> > > 2) The default ssh_config file appears to have protocol 1 as the
> > > 'default' protocol - or do I misunderstand this field? Clearly I
> > > want to use protocol 2 whenever possible because it's supposed to be
> > > more secure than v1. This is the line I'm referring to:
> > >
> > > Protocol 1,2
> > >
> > > On the 4.3-Stable box those numbers are reversed.. but the line is
> > > commented-out.
> > >
> > I usually disable protocol 1 access (it's a big recommendation in any
> > security checklist)
>
> Which is why I want to change that to prefer 2, but I don't mind
> having 1 as a fallback if I'm stuck with a lousy old host or client
> once in awhile.
>
> > > 3) Seems like it doesn't do much logging by default. (default syslog
> > > facility "AUTH", level "Info") I can see basic stuff in wtmp/lastlog
> > > but I'd like to log things like SSH protocol version, authentication
> > > method, etc. I tried changing "INFO" to "VERBOSE" and sent a HUP to
> > > sshd but it didn't seem to change much.
> > >
> > don't know about this one except maybe you hupped the wrong process? (no
> > offence ...)
>
> No offence taken. I verified that the PID and start time of the sshd
> process had changed.
>
> What I was hoping for is an entry in syslog whenever a session
> started or stopped.. maybe I have to use DEBUG level for that? (the
> sshd manpage says it's excessive and an "invasion of user privacy" to
> use DEBUG level. Maybe I'll look for more info on the openssh
> homepage.)
>
>
> --
> Philip J. Koenig pjklist@ekahuna.com
> Electric Kahuna Systems -- Computers & Communications for the New Millenium
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
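The three settings the thread goes back and forth on (the Protocol list, LogLevel and KeepAlive) can be checked mechanically rather than by eye. The script below is an added example written for this page; it is not code from the thread, from FreeBSD or from OpenSSH, and the two sshd_config samples inside it are constructed to mirror the "as shipped" and "as recommended" states discussed above. Two caveats worth stating in the editor's voice rather than the posters': in ssh_config the order of the versions in Protocol is the client's preference (ssh_config(5) of that era documents "2,1" as "try version 2, fall back to 1"), whereas in sshd_config the list only says which versions the server will accept; and "connection reset by peer" is a TCP RST arriving at the client, which points at an idle-flow timeout in a stateful firewall or NAT between the two hosts at least as often as at anything in sshd_config.

```python
"""Audit an OpenSSH sshd_config for the settings discussed in the thread:
protocol versions offered, log level and TCP keepalive.

Added example for this page; not code from the thread or from OpenSSH.
Both configuration samples below are constructed for illustration.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: the defaults the thread complains about.
WEAK_CONFIG = """\
# sshd_config (constructed sample)
Port 22
Protocol 1,2
SyslogFacility AUTH
LogLevel INFO
KeepAlive yes
PermitRootLogin no
"""

# Constructed sample: SSH-2 only, more per-connection detail in syslog.
HARDENED_CONFIG = """\
# sshd_config (constructed sample)
Port 22
Protocol 2
SyslogFacility AUTH
LogLevel VERBOSE
KeepAlive yes
PermitRootLogin no
"""

Finding = Tuple[str, str]  # (keyword, message)


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return {keyword.lower(): value} for an sshd_config file.

    Blank lines and '#' comment lines are skipped; both 'Keyword value' and
    'Keyword=value' are accepted. The first occurrence of a keyword wins,
    as it does in OpenSSH, so a later duplicate is ignored.
    """
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^(\S+?)(?:\s*=\s*|\s+)(\S.*)$", line)
        if not m:
            continue  # keyword with no value; sshd itself would reject the file
        settings.setdefault(m.group(1).lower(), m.group(2).strip())
    return settings


def audit_sshd_config(settings: Dict[str, str]) -> List[Finding]:
    """Flag the settings the thread recommends changing."""
    findings: List[Finding] = []

    protocol = settings.get("protocol")
    if protocol is None:
        findings.append(("protocol", "Protocol not set; state 'Protocol 2' explicitly"))
    else:
        versions = [v.strip() for v in protocol.split(",")]
        if "1" in versions:
            findings.append(("protocol",
                             f"Protocol {protocol} still offers SSH-1; use "
                             "'Protocol 2' unless a legacy peer genuinely needs it"))

    # sshd's default LogLevel is INFO; VERBOSE adds per-connection detail
    # without the privacy concerns sshd(8) raises for the DEBUG levels.
    level = settings.get("loglevel", "INFO").upper()
    if level not in ("VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3"):
        findings.append(("loglevel",
                         f"LogLevel {level}; raise to VERBOSE for per-connection "
                         "detail (DEBUG is too noisy for a production host)"))

    # sshd's default KeepAlive is yes; with it off, a crashed or unreachable
    # peer is never noticed and its session lingers on the server.
    if settings.get("keepalive", "yes").lower() == "no":
        findings.append(("keepalive",
                         "KeepAlive no: sshd will not notice a dead peer, so "
                         "stale sessions and their resources linger"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"--- {name} ---")
        for key, msg in audit_sshd_config(parse_sshd_config(text)) or [("ok", "no findings")]:
            print(f"{key}: {msg}")
    # After editing /etc/ssh/sshd_config on FreeBSD, reload the listener with
    #   kill -HUP `cat /var/run/sshd.pid`
    # A changed LogLevel applies to connections accepted after the reload;
    # sessions already open keep the level they started with.
```

Run as-is it reports two findings for the weak sample (SSH-1 still offered, LogLevel INFO) and none for the hardened one; point `parse_sshd_config` at the contents of a real file to audit a live host.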