ssh keepalives
Philip J. Koenig
pjklist at ekahuna.com
Thu Jul 3 00:18:09 PDT 2003
> Date: Wed, 2 Jul 2003 15:04:51 +0200
> From: Christian Stigen Larsen <csl at sublevel3.org>
>
> Quoting Steve Coile (scoile at nandomedia.com):
> | On Tue, 1 Jul 2003, Philip J. Koenig wrote:
> | > I'm having a problem with premature termination of ssh sessions [...]
> |
> | Is this a common problem with firewalls? We suffer from this problem
> | here, also, and I've thought it must be a misconfiguration with the
> | firewall or elsewhere in the network. But since you mentioned it,
> | I'm rethinking my assessment.
>
> As Michal F. Hanula said, it might be due to the firewall dropping idle TCP
> connections.

I'm quite sure this is the case, and I know this is a characteristic
of the stateful firewalls on both sides. (which I administer)

One of those firewalls is quite flexible about protocol state
timeouts, I can set this on a service-by-service basis. (i.e. I could
increase it for SSH and no other service)

Unfortunately the firewall on the other side isn't so accommodating.
It has a single timeout setting that affects all traffic that
traverses the firewall, and I'd rather not increase that too high.

> At work I use PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/) for
> my outbound ssh sessions, and it supports a useful option:
>
> "Sending of null packets to keep session active"
>
> Setting this to, say, 60 seconds effectively prevents my sessions from being
> cut off. Unfortunately I haven't found any similar feature in the OpenSSH
> clients. Do they support such a feature?

I've used that feature with PuTTY and it's handy. As far as I can
tell there is no equivalent in OpenSSH. The "KeepAlive" feature
appears to be used primarily to detect if a connection has died due
to a broken link. (probably the thing that allows the client to
report "connection reset by peer" right away without sitting there
for an hour before figuring it out)

--
Philip J. Koenig
pjklist at ekahuna.com
Electric Kahuna Systems -- Computers & Communications for
the New Millenium
More information about the freebsd-questions
mailing list
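
OpenSSH releases newer than the ones discussed in this thread added client and server options that work like PuTTY's null packets. The fragment below is an added example, not part of the original message; the host name is a placeholder and the 60-second interval is borrowed from the PuTTY setting quoted above. It assumes the interval is shorter than the smallest idle timeout of any firewall in the path.

```sshconfig
# ~/.ssh/config on the client (placeholder host name)
Host gateway.example.org
    # Application-level keepalive: after 60 s without data from the server,
    # send a request through the encrypted channel. The traffic refreshes
    # the state entry in every stateful firewall between the two ends.
    ServerAliveInterval 60
    # Disconnect after 3 consecutive unanswered requests (about 3 minutes),
    # so a dead link is still noticed.
    ServerAliveCountMax 3
    # TCP-level keepalive (the older "KeepAlive" option). It relies on the
    # operating system's idle timer, commonly two hours by default, so on
    # its own it detects dead peers but does not outrun a firewall timeout.
    TCPKeepAlive yes

# /etc/ssh/sshd_config on the server, if you administer it: the same
# mechanism initiated from the server side, covering all clients.
ClientAliveInterval 60
ClientAliveCountMax 3
```

Scoping the client setting to specific hosts keeps keepalive traffic off connections that do not cross the restrictive firewall.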