Date: Tue, 23 Apr 2002 07:20:42 -0700
From: "Philip J. Koenig" <pjklist@ekahuna.com>
To: questions@FreeBSD.ORG
Cc: "Moti" <moti@flncs.com>
Subject: Re: SSH questions
Message-ID: <20020423142043169.AAA697@empty1.ekahuna.com@pc02.ekahuna.com>
In-Reply-To: <00f301c1eaca$ed8d7a50$fd6e34c6@mlevy>

On 23 Apr 2002, at 9:29, Moti boldly uttered:

> > 1) SSH is timing out after a few minutes of inactivity. (actually
> > I'm getting "connection reset by peer" messages)
> >
> > The reason I don't think this is a connectivity problem is that both
> > boxes are on pretty reliable circuits connected to the same ISP. (ie
> > packets between them never hit the internet)
> >
> > I looked for some "timeout" settings in both /etc/ssh/sshd_config or
> > ssh_config and didn't find anything but the "keep alive" setting.
> > Are connections supposed to stay alive indefinitely by default?
> >
> 1. look to see if you have a timeout in your . files ( this could be a tcsh
> timeout )
> 2. are you using the sshd built into freebsd or did you install one from
> ports ( if yes then your config files are in /usr/local/etc )
> 3. do you have keep alive disabled ? I quote the man page "
> KeepAlive

I can see no evidence of any local timeout settings, and don't recall
having this problem previously on this box. I'm using the built-in
sshd. There is no keepalive option in the system config file on the
calling box (4.3-STABLE), so it's not enabled (or not implemented) I
suppose. It is enabled on the receiving host.

In any event, I don't recall having this problem in the past, the
only thing that changed since the last time I had a long ssh session
was, AFAIK, upgrading the receiving host to 4.5-STABLE from 4.3.

BTW, "connection reset by peer" usually indicates some kind of
aborted connection, not exactly a "graceful disconnect timeout", no?

> > 2) The default ssh_config file appears to have protocol 1 as the
> > 'default' protocol - or do I misunderstand this field? Clearly I
> > want to use protocol 2 whenever possible because it's supposed to be
> > more secure than v1. This is the line I'm referring to:
> >
> > Protocol 1,2
> >
> > On the 4.3-Stable box those numbers are reversed.. but the line is
> > commented-out.
> >
> I usually disable protocol 1 access (it's a big recommendation in any
> security checklist )

Which is why I want to change that to prefer 2, but I don't mind
having 1 as a fallback if I'm stuck with a lousy old host or client
once in awhile.

> > 3) Seems like it doesn't do much logging by default. (default syslog
> > facility "AUTH", level "Info") I can see basic stuff in wtmp/lastlog
> > but I'd like to log things like SSH protocol version, authentication
> > method, etc. I tried changing "INFO" to "VERBOSE" and sent a HUP to
> > sshd but it didn't seem to change much.
> >
> don't know about this one except maybe you hupped the wrong process ? ( no
> offence ...)

No offence taken. I verified that the PID and start time of the sshd
process had changed. What I was hoping for is an entry in syslog
whenever a session started or stopped.. maybe I have to use DEBUG
level for that? (the sshd manpage says it's excessive and an
"invasion of user privacy" to use DEBUG level. Maybe I'll look for
more info on the openssh homepage.)

--
Philip J. Koenig                                pjklist@ekahuna.com
Electric Kahuna Systems -- Computers & Communications for the New Millenium