Enabling ServerAliveInterval by default

Nadav Har'El nyh at math.technion.ac.il
Sun Dec 16 07:05:00 EST 2007


On Fri, Dec 14, 2007, Ben Lindstrom wrote about "Re: Enabling ServerAliveInterval by default":
> On Fri, 14 Dec 2007, Nadav Har'El wrote:
> > Is there a reason why OpenSSH shouldn't enable ServerAliveInterval in the
> > default client configuration, with some interval of, say, 120 seconds?
> 
> Because that is a packet every 120 seconds that isn't required for me and 

Every default setting for an option is a compromise. Some people prefer it 
being disabled, and other people prefer it enabled. The question is just the
number of people who prefer each setting, and how much a person is hurt
or annoyed by the "wrong" setting.

I believe that for the ServerAliveInterval, the balance clearly falls to the
"enabled" side, because many people are seriously annoyed by the disabled
(current) setting, while only a few people will be very mildly annoyed by
the enabled setting (which I propose to make the default).

> for most people with sane NAT timeouts or accessing local servers. 

May I ask what is a "sane" NAT timeout? 5 minutes? 30 minutes? 1 hour? 1 day?

I've been using rsh, and later ssh, for remote login to Unix and Linux
servers for the last 16 years. What I usually want to do is open an ssh
window (or a port-forwarding session, and so on) to a remote host, and keep
this window open for a whole day - and often a lot more - once in a while
typing commands, but often leaving the window inactive for a long time.

I am guessing that a significant percentage of the SSH users do (or at least
want to do) the same thing. But doing this is impossible if ServerAliveInterval
is disabled, because after 5 minutes, 30 minutes, or 1 hour (or whatever you
think your "sane" timeout is), your session is disconnected, and when you
next go to the ssh window, you find that it is gone.

I haven't done a rigorous survey of how "sane" firewall/nat/etc. devices
behave, but I do use several client and server networks and experience the
basically the same problem in all of them, so I'll be very surprised if I'm the
only one noticing it.

And about local servers - well, yes, ServerAliveInterval is not very important
in this case. But what is the price that we pay for it? A couple of TCP
packets every two minutes? This amounts to around 0.0001% (one millionth)
of the typical LAN bandwidth per inactive ssh session - I don't see how this
could worry anyone.

> It could also increase internet costs for those under "Per-Meg" payment 
> plans.

I'm not sure the 120 second timeout I suggested is actually needed. A more
rigorous survey can be conducted to see what timeouts people are experiencing
and set the interval at something higher - perhaps 5 minutes or 10 minutes
are enough (but in my experience, something like 30 minutes is probably too
much).

I think only in very rare circumstances will the extra heartbeat packets on
inactive ssh sessions make any payment difference. On machines that have
very steep per-kilobyte payments but still plan to keep inactive ssh sessions
for very long times (can you give me an example of such a situation? and
remember that this situation can't have a firewall/etc that disconnects this
connection!) ssh can be configured to disable this ServerAliveInterval.
I just think that this situation - and not ssh on "normal" Internet-connected
computers - is the exceptional one, and as I explained above the default
should be chosen according to the typical use, not the exceptional one.

Nadav.

-- 
Nadav Har'El                        |      Saturday, Dec 15 2007, 7 Tevet 5768
nyh at math.technion.ac.il             |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |Attention: There will be a rain dance
http://nadav.harel.org.il           |Friday night, weather permitting.


More information about the openssh-unix-dev mailing list
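
Added example, not part of the original message or of OpenSSH itself: a small shell check that reads the effective client settings as printed by `ssh -G <host>` and reports whether keepalives are disabled, too slow for a given idle timeout on the path, or adequate. The function name, the sample outputs and the 300-second and 60-second idle timeouts are assumptions made for illustration.

```shell
#!/bin/sh
# Classify the keepalive settings found in `ssh -G <host>` output (stdin).
# $1 = idle timeout in seconds of the NAT/firewall on the path (assumed known).
keepalive_status() {
    awk -v idle="$1" '
        BEGIN { interval = 0; countmax = 3 }   # OpenSSH client defaults
        $1 == "serveraliveinterval" { interval = $2 + 0 }
        $1 == "serveralivecountmax" { countmax = $2 + 0 }
        END {
            if (interval == 0) { print "disabled"; exit }
            # A probe sent less often than the idle timeout cannot keep
            # the NAT/firewall state entry alive.
            if (interval >= idle + 0) { print "too-slow " interval "s"; exit }
            # An unresponsive server is dropped after countmax missed replies.
            print "ok " interval "s, dead peer detected after ~" (interval * countmax) "s"
        }'
}

# Constructed samples of `ssh -G` output, trimmed to the relevant keywords.
sample_default='hostname build.example.org
serveralivecountmax 3
serveraliveinterval 0'

sample_enabled='hostname build.example.org
serveralivecountmax 3
serveraliveinterval 120'

printf '%s\n' "$sample_default" | keepalive_status 300   # current default
printf '%s\n' "$sample_enabled" | keepalive_status 300   # the proposed 120 s
printf '%s\n' "$sample_enabled" | keepalive_status 60    # shorter idle timeout

# Against a real host (hypothetical name): ssh -G somehost | keepalive_status 300
```
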