ssh timeout question
John Johnstone
jjohnstone.nospamfreebsd at tridentusa.com
Tue May 28 11:44:22 UTC 2019
On 5/27/19 1:23 PM, Doug Denault wrote:
> I have broadband service from three different providers: Verizon (MD), Spectrum
> (FL) and Shentel (VA) so I can say with certainty that this is a function
> of the modem. ssh connections FreeBSD <---> FreeBSD do not time out.
>
> The timeouts appear to be a function of either NAT, DHCP or the number of active
> connections the router can maintain. My current question is with Verizon FIOS
> using the (latest??) modem AC1750 Wi-Fi (G1100). I have a home connection
> (100 mbps) and a business connection (150 mbps) both have the same
> characteristics.

When I had a Verizon MI424WR I had trouble keeping ssh sessions active
from a MacOS laptop to a FreeBSD server. On my laptop I created
~/.ssh/config with:

    ServerAliveInterval 30

and it solved the problem.

TCP connection timeouts are a problem due to the timeout values for
active states that the router maintains in its state table. Once your
system at home completes the SYN, SYN/ACK, ACK handshake to the remote
system, the router makes an IP address / port number entry for that
connection in its state table. When either of the endpoints explicitly
closes the connection, the router detects this and deletes the
corresponding state in the state table. The router also expires the
state when the connection remains idle for longer than the router's state
timeout value. Any packets that are sent by the endpoints after that
are just dropped or rejected since there is no longer any matching state
in the state table.

It's very common for HTTP connections between web browsers and servers
to also go idle before they are explicitly closed. This results in the
states being removed prematurely by the router. This isn't noticed by
the user though since the browser just opens a new connection to the server.

My guess would be that DHCP or number of active connections are not a
factor in your case.

I also now have a Verizon G1100. I still have my .ssh/config file with
ServerAliveInterval set to 30 and I'm able to maintain ssh sessions for
many hours as long as the laptop is not set to sleep.

> On Verizon (biz) I currently have 24 active and inactive DHCP connections. I do
> not appear to be hitting any limit here. Connections do not time out except on
> any ssh connection running pine. The last time I checked pine it does not make
> any imap requests except when checking for new mail. I'm using the default (150
> secs). The other providers' modems time out connections so when I could not find a
> keepalive setting that worked, I wrote a script to print a character every so
> often (300 secs works for me).

Running a tcpdump session at both ends of your connections to monitor
the activity and looking at the packet timestamps should be pretty
conclusive to see exactly what is happening.

> Verizon happily times out pine connections in 2-3 hours. My keepalive script has
> no effect. I am not sure of the minimum but around 3 hours seems to be the max.
> Verizon of course says they do not time out connections. Probably true for their
> network. Not for the modem IMO. Anyone with similar experience or know
> workarounds?
-
John J.
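
The timestamp comparison suggested in the message above, as an added example that is not part of the original post: it reads `tcpdump -tt -n` text output captured on the client side, measures idle gaps per connection, and brackets the router's state timeout between the longest gap the connection survived and the shortest gap after which the peer never answered. The function names, the 60-second threshold, and the sample capture (private and documentation-range addresses) are constructed for illustration.

```python
import re

# Matches `tcpdump -tt -n` TCP lines: epoch timestamp, src.port > dst.port, flags.
LINE = re.compile(r"^(\d+\.\d+) IP (\S+) > (\S+): Flags \[([^\]]*)\]")

# Constructed sample capture (client side); not taken from a real session.
SAMPLE = """\
1559000000.000000 IP 192.168.1.10.51514 > 203.0.113.5.22: Flags [P.], seq 1:37, ack 1, win 2058, length 36
1559000000.040000 IP 203.0.113.5.22 > 192.168.1.10.51514: Flags [.], ack 37, win 1026, length 0
1559001200.000000 IP 192.168.1.10.51514 > 203.0.113.5.22: Flags [P.], seq 37:73, ack 1, win 2058, length 36
1559001200.040000 IP 203.0.113.5.22 > 192.168.1.10.51514: Flags [.], ack 73, win 1026, length 0
1559010200.000000 IP 192.168.1.10.51514 > 203.0.113.5.22: Flags [P.], seq 73:109, ack 1, win 2058, length 36
1559010200.300000 IP 192.168.1.10.51514 > 203.0.113.5.22: Flags [P.], seq 73:109, ack 1, win 2058, length 36
1559010200.900000 IP 192.168.1.10.51514 > 203.0.113.5.22: Flags [P.], seq 73:109, ack 1, win 2058, length 36
""".splitlines()

def parse(lines):
    """Yield (timestamp, src, dst, flags) for each TCP line; skip anything else."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield float(m.group(1)), m.group(2), m.group(3), m.group(4)

def idle_gaps(lines, min_gap=60.0):
    """Return [(gap_seconds, survived)] for every idle period >= min_gap."""
    flows = {}
    for pkt in parse(lines):
        flows.setdefault(frozenset(pkt[1:3]), []).append(pkt)
    gaps = []
    for pkts in flows.values():
        for i in range(1, len(pkts)):
            gap = pkts[i][0] - pkts[i - 1][0]
            if gap < min_gap:
                continue
            sender = pkts[i][1]
            # Survived only if the other endpoint later answers with a non-RST packet.
            survived = any(src != sender and "R" not in flags
                           for _, src, _, flags in pkts[i:])
            gaps.append((round(gap, 3), survived))
    return gaps

def bracket_timeout(gaps):
    """Return (longest survived gap, shortest fatal gap); None where unseen."""
    ok = [g for g, s in gaps if s]
    dead = [g for g, s in gaps if not s]
    return (max(ok) if ok else None, min(dead) if dead else None)

if __name__ == "__main__":
    print(bracket_timeout(idle_gaps(SAMPLE)))
```

Running the same analysis on a capture from the server side shows whether the post-gap packets ever arrived there, which separates a state dropped by the router from a problem at the far end.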