ssh keepalives

Philip J. Koenig pjklist at ekahuna.com
Thu Jul 3 00:18:09 PDT 2003 

> Date: Wed, 2 Jul 2003 15:04:51 +0200
> From: Christian Stigen Larsen <csl at sublevel3.org>
> 
> Quoting Steve Coile (scoile at nandomedia.com):
> | On Tue, 1 Jul 2003, Philip J. Koenig wrote:
> | > I'm having a problem with premature termination of ssh sessions [...]
> | 
> | Is this a common problem with firewalls?  We suffer from this problem
> | here, also, and I've thought it must be a misconfiguration with the
> | firewall or elsewhere in the netwrok.  But since you mentioend it,
> | I'm rethinking my assessment.
> 
> As Michal F. Hanula, it might be due to the firewall dropping idle TCP
> connections.


I'm quite sure this is the case, and I know this is a characteristic 
of the stateful firewalls on both sides. (which I administer)

One of those firewalls is quite flexible about protocol state 
timeouts, I can set this on a service-by-service basis. (ie I could 
increase it for SSH and no other service)

Unfortunately the firewall on the other side isn't so accommodating.  
It has a single timeout setting that affects all traffic that 
traverses the firewall, and I'd rather not increase that too high.



> At work I use PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/) for
> my outbound ssh sessions, and it supports a useful option:
> 
> 	"Sending of null packets to keep session active"
> 
> Settings this to, say, 60 seconds effectively prevents my sessions from being
> cut off.  Unfortunately I haven't found any similar feature in the OpenSSH
> clients.  Do they support such a feature?


I've used that feature with PuTTY and it's handy.  As far as I can 
tell there is no equivalent in OpenSSH.  The "KeepAlive" feature 
appears to be used primarily to detect if a connection has died due 
to a broken link. (probably the thing that allows the client to 
report "connection reset by peer" right away without sitting there 
for a hour before figuring it out)



-- 
Philip J. Koenig                                       
pjklist at ekahuna.com
Electric Kahuna Systems -- Computers & Communications for 
the New Millenium

More information about the freebsd-questions mailing list