[SOLVED] Idle SSH session disconnects (update)
Jim Cunning
jcunning at cts.com
Tue Sep 10 05:08:50 EST 2002
On Mon, 9 Sep 2002, Martin Johansson wrote:
> If you do not have control over the sshd configuration so that you cannot
> control ClientAlive-stuff, you can use the attached patch (against openssh
> 3.4p1). It adds 2 parameters to ssh_config:
>
> BogusTrafficIntervalMax 12
> BogusTrafficIntervalMin 1
>
> This configures the ssh client to send SSH_MSG_IGNORE randomly after
> between 1-12 seconds of idle time, thereby keeping the connection from
> timing out in the FW.
>
> Pretty useful for me who also sits behind a stateful FW.
>
> /Martin
During the whole exchange of suggestions, I would have sworn I was not
behind a stateful firewall because I have a permanent hole in the FW
configured for port 22 to and from my fixed IP address at home to a fixed,
public IP address on the network side of the FW which is then NAT'ed to a
10.-private address inside. What I overlooked was the fact that I was
trying all this from a _NEW_ workstation with a different internal IP.
The upshot is that adding "ClientAliveInterval 15" to /etc/ssh/sshd_config
has removed all time sensitivity to idle connections. Thanks to all who
have responded to this topic.
Jim Cunning
More information about the openssh-unix-dev
mailing list