From owner-freebsd-questions@FreeBSD.ORG Thu Jul 3 00:18:08 2003
From: "Philip J. Koenig"
Organization: The Electric Kahuna Organization
To: freebsd-questions@freebsd.org
Date: Thu, 03 Jul 2003 00:18:02 -0700
In-reply-to: <20030702145202.1833A37B401@hub.freebsd.org>
Message-ID: <20030703071803206.AAA1059@empty1.ekahuna.com@dyn205.ekahuna.com>
Subject: Re: ssh keepalives
Reply-To: pjklist@ekahuna.com

> Date: Wed, 2 Jul 2003 15:04:51 +0200
> From: Christian Stigen Larsen
>
> Quoting Steve Coile (scoile@nandomedia.com):
> | On Tue, 1 Jul 2003, Philip J. Koenig wrote:
> | > I'm having a problem with premature termination of ssh sessions [...]
> |
> | Is this a common problem with firewalls? We suffer from this problem
> | here, also, and I've thought it must be a misconfiguration with the
> | firewall or elsewhere in the network. But since you mentioned it,
> | I'm rethinking my assessment.
>
> As Michal F. Hanula, it might be due to the firewall dropping idle TCP
> connections.

I'm quite sure this is the case, and I know this is a characteristic
of the stateful firewalls on both sides. (which I administer)

One of those firewalls is quite flexible about protocol state
timeouts, I can set this on a service-by-service basis. (i.e. I could
increase it for SSH and no other service)

Unfortunately the firewall on the other side isn't so accommodating.
It has a single timeout setting that affects all traffic that
traverses the firewall, and I'd rather not increase that too high.

> At work I use PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/) for
> my outbound ssh sessions, and it supports a useful option:
>
> "Sending of null packets to keep session active"
>
> Setting this to, say, 60 seconds effectively prevents my sessions from being
> cut off. Unfortunately I haven't found any similar feature in the OpenSSH
> clients. Do they support such a feature?

I've used that feature with PuTTY and it's handy. As far as I can
tell there is no equivalent in OpenSSH. The "KeepAlive" feature
appears to be used primarily to detect if a connection has died due
to a broken link. (probably the thing that allows the client to
report "connection reset by peer" right away without sitting there
for an hour before figuring it out)

--
Philip J. Koenig                                    pjklist@ekahuna.com
Electric Kahuna Systems -- Computers & Communications for the New Millenium
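
Added example, not part of the original message: a small Python model of the behaviour discussed in this thread, comparing no keepalive, a 60-second null packet, and a TCP-level keepalive (SO_KEEPALIVE) left at the common two-hour OS default. The function names, the 900-second firewall idle timeout and the one-hour idle period are constructed for the illustration.

```python
# Added illustration: a constructed model, not firewall or OpenSSH code.
# A stateful firewall forgets a TCP flow after `idle_timeout` seconds with no
# packets; anything sent on the flow afterwards is dropped and the session hangs.

TCP_KEEPALIVE_IDLE = 7200  # common OS default (seconds) before the first SO_KEEPALIVE probe


def session_survives(idle_timeout, user_idle, keepalive_interval=None):
    """Model a session in which the user types nothing for `user_idle` seconds.

    keepalive_interval: seconds between keepalive packets, None for no keepalives.
    Returns (survived, expired_at): expired_at is when the firewall discarded
    its state entry, or None if the entry was still there at the next keystroke.
    """
    packet_times = []
    if keepalive_interval:
        t = keepalive_interval
        while t < user_idle:
            packet_times.append(t)
            t += keepalive_interval
    packet_times.append(user_idle)  # the user's next keystroke

    last_seen = 0  # last time the firewall saw a packet on this flow
    for t in packet_times:
        if t - last_seen > idle_timeout:
            return False, last_seen + idle_timeout
        last_seen = t
    return True, None


def compare(idle_timeout=900, user_idle=3600):
    """Constructed scenario: 15-minute firewall timeout, one hour without typing."""
    return {
        "no keepalive": session_survives(idle_timeout, user_idle),
        "null packet every 60 s": session_survives(idle_timeout, user_idle, 60),
        "TCP keepalive, OS default": session_survives(idle_timeout, user_idle, TCP_KEEPALIVE_IDLE),
    }


if __name__ == "__main__":
    for name, (ok, expired_at) in compare().items():
        print(f"{name:28s} survived={ok} state_expired_at={expired_at}")
```

The model treats the entry as expired only when the gap is strictly longer than the timeout; a real firewall may differ at the boundary, so a keepalive interval comfortably below the shortest timeout on the path is the safe choice.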