From owner-freebsd-questions@FreeBSD.ORG Wed Jul 9 12:26:59 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4C15037B401 for ; Wed, 9 Jul 2003 12:26:59 -0700 (PDT) Received: from empty1.ekahuna.com (empty1.ekahuna.com [198.144.200.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 606DB43F85 for ; Wed, 9 Jul 2003 12:26:58 -0700 (PDT) (envelope-from pjklist@ekahuna.com) Received: from pc-17 (dyn205.ekahuna.com [198.144.200.205]) by empty1.ekahuna.com (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35) with ESMTP id com; Wed, 9 Jul 2003 12:26:57 -0700 From: "Philip J. Koenig" Organization: The Electric Kahuna Organization To: questions@FreeBSD.ORG Date: Wed, 09 Jul 2003 12:26:56 -0700 MIME-Version: 1.0 Priority: normal In-reply-to: <20030709172448.GA14449@kaktusas.org> X-mailer: Pegasus Mail for Windows (v4.12a) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Message-ID: <20030709192657804.AAA330@empty1.ekahuna.com@dyn205.ekahuna.com> Subject: Re: ssh keepalives X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: pjklist@ekahuna.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Jul 2003 19:26:59 -0000 On 9 Jul 2003 at 20:24, Paulius Bulotas boldly uttered: > Hi, > > a bit late answer, but I'm not able to keep up with my email traffic ;) > > Apply this patch to OpenSSH, if you are running FreeBSD: > http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-watchdog.html > > and use Heartbeat option with something less then dynamic rules life ;) > > Regards, > Paulius Aha, now this is a very interesting response! Considering that the author of the patch greatly discourages usage of the older OpenSSH code, and considering that my recently updated 4.8- STABLE box is still using OpenSSH 3.5p1 rather than the latest 3.6p1 mentioned in the patch, I'm a little disinclined to do this patch because I'll have to re-patch it every time I build/install world. If there's any possibility this patch will make it into the mainstream distribution I'll just wait for that. Will wait and see, but thanks very much for the tip! > On 03 07 01, Philip J. Koenig wrote: > > > > I'm having a problem with premature termination of ssh sessions after > > an idle period of a few minutes, getting a "connection reset by peer" > > message. I presume this is due to intermediate stateful firewalls > > closing the connection when no traffic passes for a period of time. > > > > In the past I've addressed this issue when I have control of the > > destination host, by including the following parameters in > > sshd_config: > > > > ClientAliveInterval 30 > > ClientAliveCountMax 4 > > > > > > However in this case I don't have control over the destination. It's > > a self-contained network device. > > > > man 5 ssh_conf says that "KeepAlive" is the default with ssh. Is > > there any other tactic I can use to keep these connections from > > closing after a few minutes of inactivity? > > > > Currently on FreeBSD 4.8-stable with OpenSSH_3.5p1 -- Philip J. Koenig pjklist@ekahuna.com Electric Kahuna Systems -- Computers & Communications for the New Millenium