[nSLUG] SSH - Dropped connections

Peter Cordes peter at llama.nslug.ns.ca
Fri Jan 16 16:06:29 AST 2004

On Fri, Jan 16, 2004 at 10:44:42AM -0400, David L. Potter wrote:
> I have two machines which are both running RedHat 7.2 with 
> OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
> One machine is on the GT network and the other machine is local (inside 
> a SMC router/firewall).
> Both machines were using a standard configuration (with KeepAlive), and 
> I'm using the same ssh client to access both machines.
> The remote machine has always (consistently) dropped idle connections on 
> the client end - with the bash and ssh processes remaining alive on the 
> server end.
> The local machine (same server configuration) and the Chebucto sshd 
> server have never dropped connections like this - same client.

 So your connection drops when it's going out through your firewall?  If
it's a NAT firewall, the idle connection timeout might be too short for the
TCP keepalives to work.  Linux 2.2 used to have a 15 minute default for
connection tracking, so connections that were idle longer than that were
forgotten about.  I saw the same problem you have: idle ssh connections from
my home LAN to a server on the Internet would die.  I increased the
masquerading timeout to 3 hours, since keepalives are sent every 2, IIRC.
Linux 2.4 is something like 120 hours, if no RST or FIN packets are seen, so
I didn't have to tweak it.

#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter at cor , des.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC
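
Added example, not part of the original message: a shell check of the condition described in the reply above, that the TCP keepalive idle time must be shorter than the NAT gateway's timeout for idle connections. The function names are illustrative, and the /proc paths are those of current Linux kernels rather than the 2.2/2.4 kernels discussed (an assumption).

```shell
#!/bin/sh
# Added example: will the first TCP keepalive probe reach the NAT gateway
# before it forgets an idle connection?

# Paths on current Linux kernels (assumption; 2.2 and 2.4 used other knobs).
# The keepalive value belongs to an endpoint, the conntrack value to the gateway.
KEEPALIVE_FILE=/proc/sys/net/ipv4/tcp_keepalive_time
CONNTRACK_FILE=/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_established

# read_secs FILE FALLBACK: print the integer stored in FILE, or FALLBACK when
# the file is missing, unreadable or not a plain number.
read_secs() {
    val=""
    if [ -r "$1" ]; then read -r val < "$1" || true; fi
    case "$val" in
        ''|*[!0-9]*) echo "$2" ;;
        *) echo "$val" ;;
    esac
}

# check_idle KEEPALIVE_SECS NAT_TIMEOUT_SECS: the first probe goes out after
# KEEPALIVE_SECS of silence, so the mapping must outlive that.
check_idle() {
    if [ "$1" -lt "$2" ]; then echo survives; else echo dropped; fi
}

# advise KEEPALIVE_SECS NAT_TIMEOUT_SECS: one line of diagnosis.
advise() {
    if [ "$(check_idle "$1" "$2")" = survives ]; then
        echo "keepalive ${1}s < NAT timeout ${2}s: idle sessions stay mapped"
    else
        echo "keepalive ${1}s >= NAT timeout ${2}s: raise the NAT timeout above ${1}s or lower the keepalive below ${2}s"
    fi
}

# Timeouts mentioned in the message, against the 2-hour keepalive (7200 s).
advise 7200 900       # 15-minute tracking timeout
advise 7200 10800     # masquerading timeout raised to 3 hours
advise 7200 432000    # about 120 hours

# Values from this machine; fallbacks are the usual Linux defaults.
advise "$(read_secs "$KEEPALIVE_FILE" 7200)" "$(read_secs "$CONNTRACK_FILE" 432000)"
```

The last line only gives a meaningful answer when the keepalive value is read on the SSH endpoint and the conntrack value on the NAT gateway; on a single host it compares that host's own two settings.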