Subject: Re: ssh connections dropping...?
To: None <>
From: Wolfgang S. Rupprecht <>
List: current-users
Date: 10/25/2004 14:59:19
> >>different keepalive timeouts?  A tunneled pop connection that's polled 
> >>often enoug?
> >
> >No tunneling I know of.  OS X's default keepalive timeout is about 10x
> >NetBSD's.
> >
> One easy test is to run something like
> while true
> do	echo -n .
> 	sleep 60
> done

A buddy of mine had some kind of lame NAT box that would regularly
lose state on a quiet connection.  The simplest test was to add this
to /etc/ssh/sshd_config:

    # Set the keep-alive for a heartbeat every 60 seconds and a connection
    # close after 30 minutes. -wsr 2003/11/26
    ClientAliveInterval  60
    ClientAliveCountMax  30

Note, this facility isn't a tcp-level keep-alive, but a keep alive
sent by sshd itself inside the ssh tunnel.  The stated goal is to keep
attackers from keeping the tunnel open by tcp spoofing attacks.  I
can't get too excited about that attack, but the fact that the
user-accessible knobs let you tune the "ping" interval and the max
drops is pretty darn useful.  The two extra packets a minute seem like
a small price to pay for keeping the NAT boxes of the world happy.

And yes, that did the trick.  There were no more drops after turning
this on.

Wolfgang S. Rupprecht