[nSLUG] SSH - Dropped connections

bdavidso at supercity.ns.ca bdavidso at supercity.ns.ca
Sat Jan 17 01:10:32 AST 2004


Sorry if this is a double-post -- I lurk on this list at work and am once
in a while moved to send something, but I forget to change my "identity"
and my message is held up because it comes from someone who is not a
subscriber (and I'm not complaining, I thinkthat is a Good Thing).

Anyway, when our opffice changed our INternet provider recently I
experienced a lot of timeouts on my ssh connections to our servers.  The
connections would die every few minutes and leave a shell (and whatever I
was doing) open.

I changed a few network parameters on the servers and the client, as
follows, and things have been much better:

~# cat /proc/sys/net/ipv4/tcp_keepalive_intvl
~# cat /proc/sys/net/ipv4/tcp_keepalive_time
~# cat /proc/sys/net/ipv4/tcp_keepalive_probes

I still lose the odd connection which has been idle for a few hours, but
things are much better than they were.  In debian, these can be set in
/etc/sysctl.conf so they take effect on boot.

I don't claim to be a tcp/ip guru; these were settings suggested for a
piece of commercial software, and I found that the server using those
setings didn't lose connections as odten as others.  I will leave it to
others smarter than me (Peter? Dop?) to explain why it works; I just know
that it does work.

Bill Davidson
bdavidso at supercity.ns.ca

On Fri, 16 Jan 2004, David L. Potter wrote:

> I have two machines which are both running RedHat 7.2 with
> OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
> One machine is on the GT network and the other machine is local (inside
> a SMC router/firewall.
> Both machines were using a standard configuration (with KeepAlive), and
> I'm using the same ssh client to access both machines.
> The remote machine has always (consistently) dropped idle connections on
> the client end - with the bash and ssh processes remaining alive on the
> server end.
> The local machine (same server configuration) and the Chebucto sshd
> server have never dropped connections like this - same client.
> This has finally got very irritating... ;-)
> Fire away folks... ;-) I'm going out to cool dawn... ;-)
> david potter
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug

More information about the nSLUG mailing list