ssh tunnel exits unexptected

Darren Tucker dtucker at zip.com.au
Wed Nov 19 16:16:39 EST 2003


Ming wrote:
> I have setup a tunnel from server A to server B across WAN by running
> "ssh -l user_X -L port_A:server_B:port_B server_C -N". Server B is in a
> private network, so I have to establish the tunnel via server C, which
> is in the same LAN with B but has a public IP.
> The problem is, every time I start the tunnel on server B, the tunnel
> process will die nearly two hours later. And it always gives me the
> similar debugging message before it exits, e.g.:

[snip]

I'd be willing to bet that there is a firewall with a 2-hour session
timer, probably between the client and server C.  If your sessions are
idle (ie no traffic at all) when the timeout occurs, you can work around
it by enabling a keepalive to keep the session "fresh".  If the sessions
are active when the timeout occurs, you need to talk to your firewall
admin as no amount of fooling with SSH will help.

The client-side KeepAlive option probably won't help since the default
(system-wide) keepalive timer is normally 2 hours (unless you reduce the
timer, how to do this varies between platforms).

If you can, I suggest enabling ClientAliveInterval on the server set to
maybe 600 seconds.

Alternatively, you could also investigate one of the client-side keepalive
patches (I don't have a URL for those handy).

> Could anyboday give me some clues? Are there any problems with server A
> or with server C? I doubt it's something about timeout or KeepAlive
> values. But as a regular user, I don't how to check and set them. Your
> suggestions will be greatly appreciated.

Perhaps reading the man pages for ssh_config and sshd_config would be a
good start?

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.




More information about the openssh-unix-dev mailing list