Hi,
In the last several years, I noticed an annoying problem with ssh:
Long-running ssh connections are automatically disconnected after just a
few minutes of inactivity. This problem effects both interactive sessions
(using ssh without screen(1) became almost impossible...) as well as ssh port
forwarding and the likes.
I never noticed this problem until about 6 years ago, but since then have
noticed it on more and more client/server combinations that I use, to the
point that today I see this disconnection problem almost in every situation.
Although this problem is extremely annoying, I always viewed it as a "force
of nature" that I couldn't do anything about it.
But recently I found that that actually we *can* fix this diconnection
problem, and do it very easily.
It turns out that what causes this problem are network "devices" -
firewalls,
load balancers and so on - which surround the client, server, or both, or the
networks they reside in. On the modern Internet, you'd be hard-pressed to
find a network configuration which doesn't have any of these devices.
The problem is that these devices need to track active connections, so to
avoid denial-of-service attacks and other problems, their creators took the
liberty to "forget" about active TCP connections after some time of
inactivity
on these connections - often just after a few minutes of inactivity.
Because inactive ssh sessions by default don't transmit any data, these
firewalls forget about this session and when you do try to send some data
over this connection, it gets disconnected.
It turns out that recent versions of OpenSSH clients already have an option
that solves this problem - ServerAliveInterval.
Is there a reason why OpenSSH shouldn't enable ServerAliveInterval in the
default client configuration, with some interval of, say, 120 seconds?
I believe that because these automatically-disconnecting firewalls are almost
ubiquitous on today's firewall, this setting is very important, and most
users will not be able to discover it on their own (like I haven't, until
recently).
If ServerAliveInterval is enabled by default, with a short (few minute)
interval, we may also want to increase ServerAliveCountMax (which is
by default only 3), although I'm not sure about this. I think we should also
consider enabling by default the corresponding option in the server -
ClientAliveInterval.
Thanks in advance,
Nadav Har'El.
--
Nadav Har'El | Friday, Dec 14 2007, 6 Tevet
5768
nyh at math.technion.ac.il
|-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |Life is what happens to you while
you're
http://nadav.harel.org.il |busy making other plans. - John Lennon