Why isn't it possible to lower TCP values of running SSH session?

Damien Miller djm at mindrot.org
Tue Nov 24 10:57:58 AEDT 2015

TCP is the kernel's responsibility. I guess that these values get
copied into each TCB from the copy managed via proc at connection
start time, but never updated afterwards.

You might want to consider using protocol-level keepalives:
ServerAliveInterval/ServerAliveCountMax in ssh_config.


On Mon, 23 Nov 2015, john smith wrote:

> I am running OpenSSH_6.7p1 on Slackware 14.1 x64.  I haven't modified
> a stock config.  On Linux TCP timeouts are controlled by these 3
> files:
> $ cat /proc/sys/net/ipv4/tcp_keepalive_time \
> >  /proc/sys/net/ipv4/tcp_keepalive_intvl \
> > /proc/sys/net/ipv4/tcp_keepalive_probes
> 7200
> 75
> 9
> These are their default values. I modified them to 3, 1, 1
> respecitively before establishing a new SSH connection. After
> establishing an SSH connection to a machine next to me I unplugged a
> network cable on the remote machine and had to wait for 3 seconds for
> the SSH session to be terminated by Linux. This is what I
> expected. Next, I connected again and while SSH session was already
> opened I changed values to their defaults - 7200, 75, 9. After
> unplugging a network cable I wasn't disconnected within 3 seconds. It
> made me think that it's possible to modify TCP timeouts of opened TCP
> sockets such as SSH connections.  However, after connecting to the same
> machine again I changed timeout values to 3, 1, 1 again. To my
> surpires, after unplugging a network cable on the remote side I wasn't
> disconnected within 3 seconds. It seems it's only possible to increase
> TCP timeout values when SSH session is already opened but not to lower
> them. Why? Is it Linux or OpenSSH thing?
> -- 
> <wempwer at gmail.com>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

More information about the openssh-unix-dev mailing list