Comments on: Keeping SSH from disconnecting automatically http://fredericiana.com/2009/10/21/keeping-ssh-from-disconnecting-automatically/ Open Source, The Web, And German-American Oddities Wed, 18 Jan 2012 07:57:45 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Fred http://fredericiana.com/2009/10/21/keeping-ssh-from-disconnecting-automatically/comment-page-1/#comment-239086 Fred Thu, 22 Oct 2009 10:14:07 +0000 http://fredericiana.com/?p=2414#comment-239086 Dave: Thanks! While the SSH settings will keep this from happening by keeping the connection alive, it didn't come to my mind that it might be the router exerting its force over me ;) Great "feature", I must say. But I guess they do it in order to avoid running out of their highly limited resources if half-open connections keep piling up. Dave: Thanks! While the SSH settings will keep this from happening by keeping the connection alive, it didn’t come to my mind that it might be the router exerting its force over me ;) Great “feature”, I must say. But I guess they do it in order to avoid running out of their highly limited resources if half-open connections keep piling up.

]]> By: Dave Miller http://fredericiana.com/2009/10/21/keeping-ssh-from-disconnecting-automatically/comment-page-1/#comment-239085 Dave Miller Thu, 22 Oct 2009 10:03:48 +0000 http://fredericiana.com/?p=2414#comment-239085 Most Red Hat systems I've used (and as a sysadmin I've used a lot) default to not having a timeout in openssh. 95% of the time when you're running into this it's your router at home that's cutting you off. Most DSL/cable routers will kill off idle TCP connections after 5 to 10 minutes by default. I know this is the case with the default firmware on most Linksys branded routers (because I have a couple of them). Most of the third party firmware you can get for those things has that "feature" disabled though. :) Most Red Hat systems I’ve used (and as a sysadmin I’ve used a lot) default to not having a timeout in openssh. 95% of the time when you’re running into this it’s your router at home that’s cutting you off. Most DSL/cable routers will kill off idle TCP connections after 5 to 10 minutes by default. I know this is the case with the default firmware on most Linksys branded routers (because I have a couple of them). Most of the third party firmware you can get for those things has that “feature” disabled though. :)

]]> By: Fred http://fredericiana.com/2009/10/21/keeping-ssh-from-disconnecting-automatically/comment-page-1/#comment-239041 Fred Wed, 21 Oct 2009 20:26:30 +0000 http://fredericiana.com/?p=2414#comment-239041 Jeff: Very interesting, thanks! Sancus: Makes sense. Maybe I should have Read The Fine Manual more thoroughly. I will update the post with both your suggestions. Jeff: Very interesting, thanks!

Sancus: Makes sense. Maybe I should have Read The Fine Manual more thoroughly. I will update the post with both your suggestions.

]]> By: Sancus http://fredericiana.com/2009/10/21/keeping-ssh-from-disconnecting-automatically/comment-page-1/#comment-239039 Sancus Wed, 21 Oct 2009 19:42:14 +0000 http://fredericiana.com/?p=2414#comment-239039 TCPKeepAlive and ClientAliveInterval are actually separate methods of keeping connections alive. ClientAliveInterval is a secure method, and TCPKeepAlive is not. Basically, this works without the TCPKeepAlive yes and if you're using it you should probably turn TCPKeepAlive off. From man sshd_config: "It is important to note that the use of client alive messages is very different from TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive." TCPKeepAlive and ClientAliveInterval are actually separate methods of keeping connections alive. ClientAliveInterval is a secure method, and TCPKeepAlive is not. Basically, this works without the TCPKeepAlive yes and if you’re using it you should probably turn TCPKeepAlive off.

From man sshd_config:
“It is important to note that the use of client alive messages is very different from TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.”

]]> By: Jeff Balogh http://fredericiana.com/2009/10/21/keeping-ssh-from-disconnecting-automatically/comment-page-1/#comment-239036 Jeff Balogh Wed, 21 Oct 2009 19:19:49 +0000 http://fredericiana.com/?p=2414#comment-239036 My ~/.ssh/config starts with this: Host * ServerAliveInterval 300 So my client does the KeepAlive for all connections, no matter how the server is configured. My ~/.ssh/config starts with this:

Host *
ServerAliveInterval 300

So my client does the KeepAlive for all connections, no matter how the server is configured.

]]> By: Paul C http://fredericiana.com/2009/10/21/keeping-ssh-from-disconnecting-automatically/comment-page-1/#comment-239032 Paul C Wed, 21 Oct 2009 18:29:31 +0000 http://fredericiana.com/?p=2414#comment-239032 Awesome. I've been wanting this for a while now, but was always too lazy to look up how to do it. Thanks! Awesome. I’ve been wanting this for a while now, but was always too lazy to look up how to do it. Thanks!

]]>