ssh timeout question

John Johnstone jjohnstone.nospamfreebsd at tridentusa.com
Tue May 28 11:44:22 UTC 2019


On 5/27/19 1:23 PM, Doug Denault wrote:
> I have broadband service from three different providers: Verizon (MD), 
> Spectrum
> (FL) and Shentel (VA) so I can say with  certainty that this is a function
> of the modem. ssh connections FreeBSD <---> FreeBSD do not time out.
> 
> The timeouts appear to be a function of either NAT, DHCP or the number 
> of active
> connections the router can maintain. My current question is with Verizon 
> FIOS
> using the (latest??) modem AC1750 Wi-Fi (G1100). I have a home connection
> (100 mbps) and a business connection (150 mbps) both have the same
> characteristics.

When I had a Verizon MI424WR I had trouble keeping ssh sessions active 
from a MacOS laptop to a FreeBSD server.  On my laptop I created 
~/.ssh/config with:

ServerAliveInterval 30

and it solved the problem.

TCP connection timeouts are a problem due to the timeout values for 
active states that the router maintains in its state table.  Once your 
system at home completes the SYN, SYN/ACK, ACK handshake to the remote 
system, the router makes an IP address / port number entry for that 
connection in his state table.  When either of the endpoints explicitly 
close the connection, the router detects this and deletes the 
corresponding state in the state table.  The router also expires the 
state when the connection remains idle for longer than router's state 
timeout value.  Any packets that are sent by the endpoints after that 
are just dropped or rejected since there is no longer any matching state 
in the state table.

It's very common for HTTP connections between web browsers and servers 
to also go idle before they are explicitly closed.  This results in the 
states being removed prematurely by the router.  This isn't noticed by 
the user though since the browser just opens a new connection to the server.

My guess would be that DHCP or number of active connections are not a 
factor in your case.

I also now have a Verizon G1100.  I still have my .ssh/config file with 
ServerAliveInterval set to 30 and I'm able to maintain ssh sessions for 
many hours as long as the laptop is not set to sleep.

> On Verizon (biz) I currently have 24 active and inactive DHCP 
> connections. I do
> not appear to be hitting any limit here. Connections do not time out 
> except on
> any ssh connection running pine. The last time I checked pine it does 
> not make
> any imap requests except when checking for new mail. I'm using the 
> default (150
> secs). The other providers modems timeout connections so when I could 
> not find a
> keepalive setting that worked, I wrote a script to print a character 
> every so
> often (300 secs works for me).

Running a tcpdump session at both ends of your connections to monitor 
the activity and looking at the packet timestamps should be pretty 
conclusive to see exactly what is happening.

> Verizon happily times out pine connections in 2-3 hours. My keepalive 
> script has
> no effect. I am not sure of the minimum but around 3 hours seems to be 
> the max.
> Verizon of course says the do not time out connections. Probably true 
> for their
> network. Not for the modem IMO. Anyone with similar experience or know 
> workarounds?

-
John J.


More information about the freebsd-questions mailing list