Subject: Re: Question about ssh, tcp, and screen
To: None <netbsd-users@NetBSD.org>
From: Matthias Scheler <tron@zhadum.de>
List: netbsd-users
Date: 10/09/2005 08:58:27
In article <75ff70b05092202101d972633@mail.gmail.com>,
	Onno Ebbinge <onno.ebbinge@gmail.com> writes:
> Do you guys have "KeepAlive" on?

"KeepAlive" is switched on by default and not good enough in my experience.
It e.g. doesn't help with the broken firewall at work.

> A stateful firewall has timeouts on state table entries, ...

Correct.

> ... keep alives should reset them so they never time out.

See above.

There is however a better way. NetBSD's SSH daemon provides an option
called "ClientAliveInterval". It specifies the number of seconds of
idle time after which the server sends an (encrypted) packet without
payload over the SSH connection. I use "ClientAliveInterval 240" at
home which is good enough to defeat the 5 minute timeout of the broken
firewall at work.

	Kind regards

-- 
Matthias Scheler                                  http://scheler.de/~matthias/
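
The check implied by the message above, as an added example that is not part of the original post or of NetBSD's own tooling: read the global ClientAliveInterval from an sshd_config-style file and compare it with a firewall's idle timeout (300 seconds for the 5 minute case mentioned). The function names and sample files are hypothetical, and the script assumes plain "Keyword value" lines with the interval written in seconds.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed for illustration.

# Print the global ClientAliveInterval from an sshd_config-style file.
# sshd keeps the first value given for a keyword and matches keywords
# case-insensitively; if the option is absent the default is 0 (no probes).
effective_interval() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == "clientaliveinterval" { print $2; found = 1; exit }
        END { if (!found) print 0 }
    ' "$1"
}

# check_keepalive FILE FIREWALL_IDLE_TIMEOUT_SECONDS
# Prints "ok" when the server probe fires before the firewall drops the state,
# otherwise "disabled" or "too-slow" with a non-zero exit status.
check_keepalive() {
    interval=$(effective_interval "$1")
    if [ "$interval" -eq 0 ]; then
        echo "disabled"; return 1
    elif [ "$interval" -ge "$2" ]; then
        echo "too-slow"; return 1
    fi
    echo "ok"
}

# Constructed sample configurations (not taken from the original message).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'Port 22\nClientAliveInterval 240\nclientaliveinterval 600\n' > "$tmp/good"
printf '#ClientAliveInterval 240\nPort 22\n' > "$tmp/unset"
printf 'ClientAliveInterval 300\n' > "$tmp/slow"

for f in good unset slow; do
    printf '%s: %s\n' "$f" "$(check_keepalive "$tmp/$f" 300 || true)"
done
```

On a live server, `sshd -T` prints the effective configuration and can replace the file parsing.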