How to maintain a persistent SSH connection?

martin f krafft madduck at madduck.net
Thu Nov 16 00:08:51 AEDT 2017


Hello,

I'm tasked with establishing a persistent SSH connection across
a very unreliable link, for a remote port forward (always port
2217). I figured I'd use ServerAliveInterval to make sure that the
ssh(1) process dies when the connection appears down, and I use
systemd to restart it in this case. This works fine.

What does not work fine, however, is the server-side. If the
connection goes down, sshd(8) lingers on the remote, bound to the
port that I need to forward back across the link. As a result, new
connections can't bind the port.

The sshd(8) process stays around for an unspecified time (>90min)
after the connection went down.

I realise I could use ClientAliveInterval on the server-side, but
there seems to be no way to specify this per-connection, and
there simply won't be a server-wide policy change in this case.

The ssh_config(5) manpage *does* state:

  The server alive mechanism is valuable when the client or server
  depend on knowing when a connection has become inactive.

but this promise currently isn't kept, because the server actually
doesn't find out about the "server alive" mechanism.

Would it be too far-fetched for ssh(1) to communicate to sshd(8) on
the remote that it intends to send pings and that the connection
will be torn down if those pings remain unanswered? Then the sshd(8)
process would know and could react accordingly.

Or is there another way to do this per-process/-connection? Short of
running a separate sshd(8) on another port?

It's probably a big change, as it'd require the protocol to be
touched, but maybe provisions for such extensions already exist?

Do you have any thoughts, gauges of success of such a wishlist, or
short-term solutions?

Thanks,

-- 
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/
 
who's general failure, and why's he reading my disk?
 
spamtraps: madduck.bogus at madduck.net
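
The client-side arrangement described in the message above (ServerAliveInterval to make ssh(1) exit on a dead link, systemd to restart it), written out as a unit file. This is an added example, not part of the original post: the unit name, the local account "tunnel", the host remote.example.org and the forward target localhost:22 are placeholders, and ExitOnForwardFailure is an addition the post does not mention.

```ini
# /etc/systemd/system/ssh-rforward.service  (hypothetical unit name)
[Unit]
Description=Persistent SSH remote forward of port 2217
Wants=network-online.target
After=network-online.target

[Service]
# Hypothetical unprivileged local account that owns the SSH key.
User=tunnel

# -N: no remote command, forwarding only.
# BatchMode=yes: never prompt, fail instead (the service has no terminal).
# ServerAliveInterval/ServerAliveCountMax: after 3 unanswered probes sent
#   15 s apart, ssh(1) exits, so a dead link is noticed within about 45 s.
# ExitOnForwardFailure=yes: if the remote side cannot bind port 2217,
#   ssh(1) exits non-zero instead of staying connected without the forward.
# -R 2217:localhost:22: port 2217 is from the post; the target
#   localhost:22 is an assumption.
ExecStart=/usr/bin/ssh -N \
    -o BatchMode=yes \
    -o ServerAliveInterval=15 \
    -o ServerAliveCountMax=3 \
    -o ExitOnForwardFailure=yes \
    -R 2217:localhost:22 \
    tunnel@remote.example.org

# Restart whenever ssh(1) exits, for any reason, after a short pause.
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
```

While a stale sshd(8) still holds port 2217 on the remote, each attempt exits on the failed forward and is retried every RestartSec seconds until the port is free again.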
More information about the openssh-unix-dev mailing list