From: "Moti"
Subject: Re: SSH questions
Date: Tue, 23 Apr 2002 09:29:41 -0400
Sender: owner-freebsd-questions@FreeBSD.ORG

----- Original Message -----
From: "Philip J. Koenig"
Sent: Tuesday, April 23, 2002 4:42 AM
Subject: SSH questions

> I've been having issues recently connecting from one FBSD box to
> another. (4.3-Stable calling a 4.5-Stable box)
>
> 1) SSH is timing out after a few minutes of inactivity. (actually
> I'm getting "connection reset by peer" messages)
>
> The reason I don't think this is a connectivity problem is that both
> boxes are on pretty reliable circuits connected to the same ISP. (ie
> packets between them never hit the internet)
>
> I looked for some "timeout" settings in both /etc/ssh/sshd_config or
> ssh_config and didn't find anything but the "keep alive" setting.
> Are connections supposed to stay alive indefinitely by default?
>

1. Look to see if you have a timeout in your . files (this could be a tcsh timeout).
2. Are you using the sshd built into FreeBSD or did you install one from ports? (If yes, then your config files are in /usr/local/etc.)
3. Do you have keep alive disabled? I quote the man page:

"KeepAlive
    Specifies whether the system should send keepalive messages to the
    other side. If they are sent, death of the connection or crash of
    one of the machines will be properly noticed. However, this means
    that connections will die if the route is down temporarily, and
    some people find it annoying. On the other hand, if keepalives are
    not sent, sessions may hang indefinitely on the server, leaving
    ``ghost'' users and consuming server resources."

> 2) The default ssh_config file appears to have protocol 1 as the
> 'default' protocol - or do I misunderstand this field? Clearly I
> want to use protocol 2 whenever possible because it's supposed to be
> more secure than v1. This is the line I'm referring to:
>
> Protocol 1,2
>
> On the 4.3-Stable box those numbers are reversed.. but the line is
> commented-out.
>

I usually disable protocol 1 access (it's a big recommendation in any security checklist).

> 3) Seems like it doesn't do much logging by default. (default syslog
> facility "AUTH", level "Info") I can see basic stuff in wtmp/lastlog
> but I'd like to log things like SSH protocol version, authentication
> method, etc. I tried changing "INFO" to "VERBOSE" and sent a HUP to
> sshd but it didn't seem to change much.
>

Don't know about this one, except maybe you HUPped the wrong process? (no offence ...)

> Thx,
>
> Phil
>

moti

> --
> Philip J. Koenig pjklist@ekahuna.com
> Electric Kahuna Systems -- Computers & Communications for the New Millenium
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
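
An added example, not part of the original messages or of FreeBSD/OpenSSH: a small Python check for the three sshd_config points raised in the thread (Protocol, KeepAlive, LogLevel), including the commented-out case Philip mentions. The sample configuration is constructed and the function names are hypothetical.

```python
# Constructed sample modelled on the settings discussed in the thread;
# it is not a real system file.
SAMPLE_SSHD_CONFIG = """\
# constructed sample
#Protocol 2,1
Protocol 1,2
SyslogFacility AUTH
LogLevel INFO
KeepAlive no
"""

def effective_settings(text):
    """Return {keyword: value}. Keywords are case-insensitive and the
    first value read for a keyword is the one that takes effect."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out line leaves the built-in default in force
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def audit(text):
    """Check the three points from the thread; return a list of findings."""
    s = effective_settings(text)
    findings = []
    proto = s.get("protocol")
    if proto is None:
        # The default differs between releases, so it is reported, not guessed.
        findings.append("Protocol not set: built-in default applies, check your version")
    elif "1" in [p.strip() for p in proto.split(",")]:
        findings.append("Protocol %s still allows SSH protocol 1" % proto)
    if s.get("keepalive", "").lower() == "no":
        findings.append("KeepAlive no: hung sessions may linger as ghost users")
    level = s.get("loglevel", "").upper()
    if level != "VERBOSE" and not level.startswith("DEBUG"):
        findings.append("LogLevel %s is below VERBOSE" % (level or "(unset)"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD_CONFIG):
        print(finding)
```

Run it against the file the running daemon actually reads, which for a ports install is the copy under /usr/local/etc as noted in the reply above.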