Established connection timing out

Bob Rasmussen ras at anzio.com
Tue Feb 27 13:34:47 AEDT 2018


I don't believe you've said: are the disconnects happening during periods 
of idleness on the connection, or periods of activity? If idleness, some 
device or script could be actively doing a disconnect-on-idle.

On Mon, 26 Feb 2018, Kip Warner wrote:

> Hey list,
>
> I've read the man page for both the client and server daemon, so either
> I missed something or this isn't an SSH issue but something going on
> with perhaps routers or MTUs.
>
> I am having problems with already established connections to a remote
> server timing out after a few minutes. I connect either over ssh or via
> rsync tunnelled over the former.
>
> On the client side eventually I just see a whole pile of messages like
> this, but no rsync traffic appears occurring:
>
>    debug1: client_input_channel_req: channel 0 rtype     keepalive at ope
> nssh.com     reply 1
>
> I've monitored both the client and server via strace and neither
> machine appears to have "died" from some kind of memory exhaustion,
> bandwidth issue, etc. Both appear to simply be waiting for the other to
> do something.
>
> Since my client side rsync is running as root, I tried to modify
> /etc/ssh_config to try and keep the connection alive. This is the
> client side /etc/ssh_config
>
>    Host *
>
>        ServerAliveInterval 5
>        ServerAliveCountMax 20
>
> And this is the server side /etc/sshd_config:
>
>    Port 22
>    Protocol 2
>    HostKey /etc/ssh/ssh_host_rsa_key
>    HostKey /etc/ssh/ssh_host_dsa_key
>    HostKey /etc/ssh/ssh_host_ecdsa_key
>    UsePrivilegeSeparation yes
>
>    KeyRegenerationInterval 3600
>    ServerKeyBits 768
>
>    SyslogFacility AUTH
>    LogLevel INFO
>
>    LoginGraceTime 120
>    PermitRootLogin yes
>    StrictModes yes
>
>    RSAAuthentication yes
>    PubkeyAuthentication yes
>    AuthorizedKeysFile	%h/.ssh/authorized_keys
>
>    IgnoreRhosts yes
>    RhostsRSAAuthentication no
>    HostbasedAuthentication no
>
>    PermitEmptyPasswords no
>
>    ChallengeResponseAuthentication no
>
>    X11Forwarding yes
>    X11DisplayOffset 10
>    PrintMotd no
>    PrintLastLog yes
>
>    AcceptEnv LANG LC_*
>
>    Subsystem sftp /usr/lib/openssh/sftp-server
>
>    UsePAM yes
>
>    UseDNS no
>
>    ClientAliveCountMax 20
>    ClientAliveInterval 5
>
> The latter two options I'm assuming are the most important here, but
> they don't seem to do anything.
>
> Any help appreciated.
>
> -- 
> Kip Warner | Senior Software Engineer
> OpenPGP signed/encrypted mail preferred
> https://www.cartesiantheatre.com

Regards,
....Bob Rasmussen,   President,   Rasmussen Software, Inc.

personal e-mail: ras at anzio.com
  company e-mail: rsi at anzio.com
           voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
             fax: (US) 503-624-0760
             web: http://www.anzio.com
  street address: Rasmussen Software, Inc.
                  10240 SW Nimbus, Suite L9
                  Portland, OR  97223  USA


More information about the openssh-unix-dev mailing list