Re: [suse-security] sshd (IdleTimeout)
Hi, As I am a new person round here .. this may be irrelevant / wrong, but it is the way I would start looking at it ...
> I know, this is useless: If you connect through a firewall, this will be the reason for these lost connections. I do have this problem myself. Pushing a key every 10 minutes is not the best solution... Does anyone know, how to reconfigure suse firewalls to do the job?

<from ipmasquerade how-to>
# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
#
ipchains -M -S 7200 10 60

I hope that is of use :-)

Pat
> <from ipmasquerade how-to>
> # MASQ timeouts # [...]
Increasing the timeouts might not help since an inactive session will not cause any traffic. It might be wise to just configure ssh/sshd to send keep-alives. If the keep-alive thingy doesn't work out for you, you could still tunnel some arbitrary port through the connection and send a syn every once in a while into the tunnel. This should do it, too.
> I hope that is of use :-)
> Pat

Roman.
--
Roman Drahtmüller
CC University of Freiburg
email: draht@uni-freiburg.de

"Freedom means that you can choose what you want to learn at a given time." A. Becker, 1999

People often find it easier to be a result of the past than a cause of the future.
On Tue, 15 Feb 2000, Roman Drahtmueller wrote:
> Increasing the timeouts might not help since an inactive session will not cause any traffic. It might be wise to just configure ssh/sshd to send keep-alives.
> If the keep-alive thingy doesn't work out for you, you could still tunnel some arbitrary port through the connection and send a syn every once in a while into the tunnel. This should do it, too.

is the site that you are connecting from being masqueraded? i noticed way back when when i had a system in that situation that i had the same issue. the keep alive option should help remedy the problem. if the site is directly connected, i'm at a loss. i've never experienced that problem w/ ssh when there was no masq involved.

-Jae

** "I'm very drunk and I intend on getting drunker before it's over." -Clark Gable, Gone with the Wind
> is the site that you are connecting from being masqueraded? i
Yes, it is.
> the keep alive option should help remedy the problem.

I have tried this. But the problem is still there.

/etc/sshd_config
KeepAlive yes
IdleTimeout 60m

the call:
ssh -o "KeepAlive yes" Hostname

Any other ideas?

Thanks for the answer.

regards
dominic
--
dominic santi
http://www.interconnective.net
interconnective ag
gundeldingerstrasse 197
ch-4053 basel
participants (4)
- Dominic Santi
- Guardian Angel
- Jae
- Roman Drahtmueller