Date:      Tue, 23 Apr 2002 07:53:31 -0700 (PDT)
From:      Tim Erlin <tim@firstinitiallastname.com>
To:        "Philip J. Koenig" <pjklist@ekahuna.com>
Cc:        questions@FreeBSD.ORG, Moti <moti@flncs.com>
Subject:   Re: SSH questions
Message-ID:  <20020423075201.N32252-100000@fw.firstinitiallastname.com>
In-Reply-To: <20020423142043169.AAA697@empty1.ekahuna.com@pc02.ekahuna.com>

You can run ssh with -v and get some good debug output. Might be useful.
--Tim


On Tue, 23 Apr 2002, Philip J. Koenig wrote:

> On 23 Apr 2002, at 9:29, Moti boldly uttered:
>
> > > 1) SSH is timing out after a few minutes of inactivity.  (actually
> > > I'm getting "connection reset by peer" messages)
> > >
> > > The reason I don't think this is a connectivity problem is that both
> > > boxes are on pretty reliable circuits connected to the same ISP. (ie
> > > packets between them never hit the internet)
> > >
> > > I looked for some "timeout" settings in both /etc/ssh/sshd_config or
> > > ssh_config and didn't find anything but the "keep alive" setting.
> > > Are connections supposed to stay alive indefinitely by default?
> > >
> > 1. look to see if you have a timeout in your . files (this could be a tcsh
> > timeout)
> > 2. are you using the sshd built into freebsd or did you install one from
> > ports (if yes then your config files are in /usr/local/etc)
> > 3. do you have keep alive disabled? I quote the man page "
> >  KeepAlive
>
>
> I can see no evidence of any local timeout settings, and don't recall
> having this problem previously on this box.
>
> I'm using the built-in sshd.
>
> There is no keepalive option in the system config file on the calling
> box (4.3-STABLE), so it's not enabled (or not implemented) I suppose.
> It is enabled on the receiving host.  In any event, I don't recall
> having this problem in the past, the only thing that changed since
> the last time I had a long ssh session was, AFAIK, upgrading the
> receiving host to 4.5-STABLE from 4.3.
>
> BTW, "connection reset by peer" usually indicates some kind of
> aborted connection, not exactly a "graceful disconnect timeout", no?
>
>
>
> > > 2) The default ssh_config file appears to have protocol 1 as the
> > > 'default' protocol - or do I misunderstand this field?  Clearly I
> > > want to use protocol 2 whenever possible because it's supposed to be
> > > more secure than v1.  This is the line I'm referring to:
> > >
> > > Protocol 1,2
> > >
> > > On the 4.3-Stable box those numbers are reversed.. but the line is
> > > commented-out.
> > >
> > I usually disable protocol 1 access (it's a big recommendation in any
> > security checklist)
>
>
> Which is why I want to change that to prefer 2, but I don't mind
> having 1 as a fallback if I'm stuck with a lousy old host or client
> once in awhile.
>
>
> > > 3) Seems like it doesn't do much logging by default. (default syslog
> > > facility "AUTH", level "Info")  I can see basic stuff in wtmp/lastlog
> > > but I'd like to log things like SSH protocol version, authentication
> > > method, etc.  I tried changing "INFO" to "VERBOSE" and sent a HUP to
> > > sshd but it didn't seem to change much.
> > >
> > don't know about this one except maybe you hupped the wrong process? (no
> > offence ...)
>
>
> No offence taken.  I verified that the PID and start time of the sshd
> process had changed.
>
> What I was hoping for is an entry in syslog whenever a session
> started or stopped.. maybe I have to use DEBUG level for that? (the
> sshd manpage says it's excessive and an "invasion of user privacy" to
> use DEBUG level.  Maybe I'll look for more info on the openssh
> homepage.)
>
>
>
> --
> Philip J. Koenig                                       pjklist@ekahuna.com
> Electric Kahuna Systems -- Computers & Communications for the New Millenium
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
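
An added example, not part of the original messages: a shell sketch that reports the active Protocol, KeepAlive and LogLevel values in an ssh_config or sshd_config file, skipping commented-out lines such as the Protocol line mentioned for the 4.3-STABLE box. The function names and the sample file are constructed for illustration; it assumes the OpenSSH behaviour that keywords are case-insensitive and the first value obtained is the one used.

```shell
#!/bin/sh
# Added example; function names and the sample file are constructed.

# Print the first active value of keyword $2 in config file $1.
# Commented-out lines are not in effect; keywords are case-insensitive
# and may be written "Keyword value" or "Keyword=value".
first_value() {
    awk -F'[ \t=]+' -v key="$2" '
        /^[ \t]*#/ { next }
        { sub(/^[ \t]+/, "") }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Classify the active Protocol line by which versions it lists and in what order.
protocol_status() {
    case "$(first_value "$1" Protocol)" in
        "")  echo unset ;;
        2)   echo v2-only ;;
        1)   echo v1-only ;;
        2,1) echo v2-first ;;
        1,2) echo v1-first ;;
        *)   echo unrecognised ;;
    esac
}

# One line per setting raised in the thread; "unset" means the built-in default applies.
audit_ssh_config() {
    echo "Protocol:  $(protocol_status "$1")"
    for key in KeepAlive LogLevel; do
        val=$(first_value "$1" "$key")
        echo "$key: ${val:-unset}"
    done
}

sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real FreeBSD default file
#Protocol 2,1
Protocol 1,2
LogLevel VERBOSE
EOF
audit_ssh_config "$sample"
rm -f "$sample"
```

Run `audit_ssh_config` against both the client file and the server file (for the built-in sshd, /etc/ssh/ssh_config and /etc/ssh/sshd_config), since the thread compares settings on the calling and receiving hosts.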

