[nSLUG] SSH - Dropped connections
peter at llama.nslug.ns.ca
Fri Jan 16 16:06:29 AST 2004
On Fri, Jan 16, 2004 at 10:44:42AM -0400, David L. Potter wrote:
> I have two machines which are both running RedHat 7.2 with
> OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
> One machine is on the GT network and the other machine is local (inside
> a SMC router/firewall.
> Both machines were using a standard configuration (with KeepAlive), and
> I'm using the same ssh client to access both machines.
> The remote machine has always (consistently) dropped idle connections on
> the client end - with the bash and ssh processes remaining alive on the
> server end.
> The local machine (same server configuration) and the Chebucto sshd
> server have never dropped connections like this - same client.
So your connection drops when it's going out through your firewall? If
it's a NAT firewall, the idle connection timeout might be too short for the
TCP keepalives to work. Linux 2.2 used to have a 15 minute default for
connection tracking, so connections that were idle longer than that were
forgotten about. I saw the same problem you have: idle ssh connections from
my home LAN to a server on the Internet would die. I increased the
masquerading timeout to 3 hours, since keepalives are sent every 2, IIRC.
Linux 2.4 is something like 120 hours, if no RST or FIN packets are seen, so
I didn't have to tweak it.
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter at cor , des.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BC
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 351 bytes
Desc: Digital signature
More information about the nSLUG