TCP connect timeout with proxy

Anand Buddhdev anandb at ripe.net
Fri Mar 27 19:36:09 AEDT 2020


On 26/03/2020 22:40, Peter Stuge wrote:

Hi Peter,

> #3 and #4 open a "direct-tcpip" channel within the SSH session.
> 
> The open message doesn't support specifying a timeout, or any way to
> extend it with more/new parameters.
> 
> You would have to extend the SSH protocol upstream and wait for the
> extension to be supported by all your proxy hosts.

Right. Thank you for this. This is the answer that explains it. It
doesn't provide a solution, but at least now I know.

I am afraid I am not a programmer, and am unable to extend OpenSSH in
any way. If I could, I would. I can write code in Python, but that's
about it. C is beyond my ability.

For now, I think my best option is to keep using netcat (nc) on the
proxy to make the TCP connection. Fortunately, nc offers an option to
control the TCP connect timeout, and also has a sane default of 10
seconds, so when one address family fails, it tries the other one quickly.

Regards,
Anand
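
Added example, not part of the original message and not OpenSSH or netcat code: a Python helper that does what the message relies on nc for, giving each resolved address its own connect timeout and falling back to the next address family when one fails. The function names and the 10-second default (the figure quoted in the message) are assumptions of this example.

```python
import socket
import sys
import threading

def resolve(host, port):
    """Return (family, sockaddr) candidates in resolver order, IPv6 and IPv4 alike."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [(family, sockaddr) for family, _type, _proto, _name, sockaddr in infos]

def connect_first(candidates, timeout=10.0):
    """Try each candidate with its own connect timeout; return (socket, failures)."""
    failures = []
    for family, sockaddr in candidates:
        sock = None
        try:
            sock = socket.socket(family, socket.SOCK_STREAM)
            sock.settimeout(timeout)      # bounds connect() for this address only
            sock.connect(sockaddr)
            sock.settimeout(None)         # back to blocking mode for the relay
            return sock, failures
        except OSError as exc:            # timeout, refused, unreachable, no IPv6
            failures.append((sockaddr[0], str(exc)))
            if sock is not None:
                sock.close()
    raise OSError(f"all addresses failed: {failures}")

def relay(sock):
    """Copy stdin -> socket and socket -> stdout, as nc does under ProxyCommand."""
    def upstream():
        while data := sys.stdin.buffer.read1(65536):
            sock.sendall(data)
        sock.shutdown(socket.SHUT_WR)     # signal EOF to the target
    threading.Thread(target=upstream, daemon=True).start()
    while data := sock.recv(65536):
        sys.stdout.buffer.write(data)
        sys.stdout.buffer.flush()

if __name__ == "__main__":
    # Hypothetical invocation on the proxy: python3 connect.py <host> <port>
    host, port = sys.argv[1], int(sys.argv[2])
    conn, failed = connect_first(resolve(host, port), timeout=10.0)
    for addr, why in failed:
        print(f"skipped {addr}: {why}", file=sys.stderr)
    relay(conn)
```

Each failed address is reported on stderr, so a slow or broken address family shows up in the ssh client's output instead of as an unexplained delay.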


More information about the openssh-unix-dev mailing list