Date:      Tue, 23 Apr 2002 09:29:41 -0400
From:      "Moti" <moti@flncs.com>
To:        <pjklist@ekahuna.com>, <questions@FreeBSD.ORG>
Subject:   Re: SSH questions
Message-ID:  <00f301c1eaca$ed8d7a50$fd6e34c6@mlevy>
References:  <20020423084157998.AAA719@empty1.ekahuna.com@pc02.ekahuna.com>


----- Original Message -----
From: "Philip J. Koenig" <pjklist@ekahuna.com>
To: <questions@FreeBSD.ORG>
Sent: Tuesday, April 23, 2002 4:42 AM
Subject: SSH questions


> I've been having issues recently connecting from one FBSD box to
> another. (4.3-Stable calling a 4.5-Stable box)
>
> 1) SSH is timing out after a few minutes of inactivity.  (actually
> I'm getting "connection reset by peer" messages)
>
> The reason I don't think this is a connectivity problem is that both
> boxes are on pretty reliable circuits connected to the same ISP. (ie
> packets between them never hit the internet)
>
> I looked for some "timeout" settings in both /etc/ssh/sshd_config or
> ssh_config and didn't find anything but the "keep alive" setting.
> Are connections supposed to stay alive indefinitely by default?
>
1. Look to see if you have a timeout in your . files (this could be a tcsh
timeout)
2. Are you using the sshd built into FreeBSD or did you install one from
ports (if yes then your config files are in /usr/local/etc)
3. Do you have keep alive disabled? I quote the man page "
 KeepAlive
             Specifies whether the system should send keepalive messages to
             the other side.  If they are sent, death of the connection or
             crash of one of the machines will be properly noticed.  However,
             this means that connections will die if the route is down
             temporarily, and some people find it annoying.  On the other
             hand, if keepalives are not sent, sessions may hang indefinitely
             on the server, leaving ``ghost'' users and consuming server
             resources."

> 2) The default ssh_config file appears to have protocol 1 as the
> 'default' protocol - or do I misunderstand this field?  Clearly I
> want to use protocol 2 whenever possible because it's supposed to be
> more secure than v1.  This is the line I'm referring to:
>
> Protocol 1,2
>
> On the 4.3-Stable box those numbers are reversed.. but the line is
> commented-out.
>
I usually disable protocol 1 access (it's a big recommendation in any
security checklist)


> 3) Seems like it doesn't do much logging by default. (default syslog
> facility "AUTH", level "Info")  I can see basic stuff in wtmp/lastlog
> but I'd like to log things like SSH protocol version, authentication
> method, etc.  I tried changing "INFO" to "VERBOSE" and sent a HUP to
> sshd but it didn't seem to change much.
>
Don't know about this one, except maybe you HUPped the wrong process? (no
offence ...)

> Thx,
>
> Phil
>
>
moti
>
> --
> Philip J. Koenig                                       pjklist@ekahuna.com
> Electric Kahuna Systems -- Computers & Communications for the New Millenium
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
>
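
Added example, not part of the original thread and not FreeBSD or OpenSSH code: a small Python check of the three sshd_config settings discussed above (Protocol, KeepAlive, LogLevel). The sample file is constructed and the function names are hypothetical; it relies on sshd using the first value it reads for each keyword, so a later duplicate line has no effect.

```python
# Constructed sample, modelled on the settings discussed in the thread.
SAMPLE = """\
# constructed sample, not a real system's sshd_config
#Protocol 2,1
Protocol 1,2
KeepAlive no
SyslogFacility AUTH
LogLevel INFO
loglevel VERBOSE
"""

def effective(text):
    """Return {keyword: value}, keeping only the first value seen per keyword."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out lines leave the compiled-in default in force
        parts = line.split(None, 1)
        if len(parts) == 2:
            # keywords are case-insensitive; setdefault keeps the first value
            seen.setdefault(parts[0].lower(), parts[1].strip())
    return seen

def audit(text):
    """Return a list of findings for the settings raised in the thread."""
    cfg, findings = effective(text), []
    proto = cfg.get("protocol")
    if proto is None:
        findings.append("Protocol not set: compiled-in default applies, set 'Protocol 2'")
    elif "1" in [p.strip() for p in proto.split(",")]:
        findings.append(f"Protocol {proto}: protocol 1 still accepted, set 'Protocol 2'")
    if cfg.get("keepalive", "").lower() == "no":
        findings.append("KeepAlive no: dead sessions may linger as ghost users")
    level = cfg.get("loglevel")
    if level is None or level.upper() in ("QUIET", "FATAL", "ERROR", "INFO"):
        findings.append(f"LogLevel {level or 'unset'}: VERBOSE is the next level up")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against the file the running daemon actually reads (/etc/ssh for the base system, /usr/local/etc for a ports install, as noted in the reply).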

