Enabling ServerAliveInterval by default

Gert Doering gert at greenie.muc.de
Mon Dec 17 02:29:22 EST 2007


On Sat, Dec 15, 2007 at 10:05:00PM +0200, Nadav Har'El wrote:
> May I ask what is a "sane" NAT timeout? 5 minutes? 30 minutes? 1 hour? 1 day?

This borders very much on a religious war :-)

For me, no kind of NAT can ever be considered "sane".

Nevertheless the same issue applies to stateful firewall filtering, of
course - and in that case, I'd consider a timeout of "reasonably above
the values of TCP keepalive packets" to be "sane".

Working around broken NATs instead of fixing the problem is not The Way To
Do Things.

Personally, I have situations where I like ServerAliveInterval, and other
situations where it isn't needed, and is actually interfering with the
way I use SSH.  So I need to adapt the defaults either way.

USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de

More information about the openssh-unix-dev mailing list