SSH completely locks up if you have a NOT PERFECT con

Nico Kadel-Garcia nkadel at gmail.com
Mon Sep 1 02:26:43 EST 2014


On Sat, Aug 30, 2014 at 11:08 PM, Robin <dovecot at r.paypc.com> wrote:

> Read the manuals, educate yourself about your kernel's TCP stack tuning
> knobs (if you can even get at those on your system), but don't shriek like a
> lunatic to every software project that inherits the limitations of
> underlying protocols and demand that they redress the accumulated
> shortcomings of decades of ad-hoc and often chaotic "progress" that have
> exposed the cracks in a 30+ year old networking specification.
>
> Not an SSH Bug, but a USER Bug.

Wherever the bug resides, the userland tools to ameliorate the problem
do exist in OpenSSH. They include, on the client side:

         ServerAliveCountMax
         ServerAliveInterval
         TCPKeepAlive

And on the server side:

         ClientAliveCountMax
         ClientAliveInterval
         TCPKeepAlive

In particular, on the server side, 'ClientAliveInterval' is set to '0'
in many default setups. So the keepalives are not happening. And on
the client side, 'ServerAliveInterval' only works for SSH 2. So
"Anonymous" might benefit a great deal from making sure that he uses
only SSH version 2, which he can enforce by setting 'Protocol 2' in
his personal $HOME/.ssh/config file.

So, while I personally think that Anonymous was being a ranting troll
in some ways, let's not say "it's all someone else's fault, we can't
fix that". Most users have little access to the TCP stack itself, and
some thought has gone into ways to reduce the problem for SSH users.
Let's point out the factors that might help, namely the now built-in
'Keep Alive' settings.
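
An added illustration (not part of the original message, and not OpenSSH code): a small Python check that reads the keepalive options named above from the global section of a config and reports whether probes are enabled and after roughly how many seconds an unresponsive peer is dropped. The function names and sample configs are constructed for this example; it assumes plain integer-second values and ignores Host/Match blocks.

```python
# Added example: audit keepalive options in the global section of an
# OpenSSH config. Assumes integer-second values; Host/Match blocks are skipped.

def parse_global_options(text):
    """Return {keyword: value} for lines before the first Host/Match block."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "Keyword value" and "Keyword=value" are both accepted forms.
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        key = parts[0].lower()
        if key in ("host", "match"):
            break
        # OpenSSH keeps the first value obtained for a keyword.
        opts.setdefault(key, parts[1].strip().strip('"'))
    return opts


def keepalive_report(text, side):
    """side is 'client' (ssh_config) or 'server' (sshd_config)."""
    opts = parse_global_options(text)
    prefix = "serveralive" if side == "client" else "clientalive"
    interval = int(opts.get(prefix + "interval", 0))   # default 0: no probes
    count = int(opts.get(prefix + "countmax", 3))      # default 3
    enabled = interval > 0
    return {
        "probes_enabled": enabled,
        "drop_after_seconds": interval * count if enabled else None,
        "tcpkeepalive": opts.get("tcpkeepalive", "yes").lower() == "yes",
    }


# Constructed sample configs (not taken from any real host).
SAMPLE_SSHD_CONFIG = """\
# ClientAliveInterval left unset, as in many default setups
TCPKeepAlive yes
"""
SAMPLE_SSH_CONFIG = """\
ServerAliveInterval=15
ServerAliveCountMax 3
ServerAliveInterval 60
"""
```

With the constructed samples, the server side reports no application-level probes at all, while the client side drops an unresponsive server after about 45 seconds.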


More information about the openssh-unix-dev mailing list