Running CentOS 7 on workstation and having a problem with ssh disconnects. My ssh_config contains: Host * TCPKeepAlive yes ServerAliveInterval 30 ServerAliveCountMax 300 and sshd_config on the server contains: TCPKeepAlive yes ClientAliveInterval 60 ClientAliveCountMax 300 Have I missed any setting needed to prevent these random disconnects? I don't think there is anything wrong with the network card, the driver, or the cable, since if I am on a VPN connection via another server, the VPN and any ssh connection stay up indefinitely. Thanks.
On Mon, Feb 12, 2018 at 6:25 PM H <agents at meddatainc.com> wrote:> Running CentOS 7 on workstation and having a problem with ssh disconnects. > My ssh_config contains: > > Host * > TCPKeepAlive yes > ServerAliveInterval 30 > ServerAliveCountMax 300 > > and sshd_config on the server contains: > > TCPKeepAlive yes > ClientAliveInterval 60 > ClientAliveCountMax 300 > > Have I missed any setting needed to prevent these random disconnects? I > don't think there is anything wrong with the network card, the driver, or > the cable, since if I am on a VPN connection via another server, the VPN > and any ssh connection stay up indefinitely. > > Thanks.There are usually 2 different reasons for this: 1. The VPN is UDP and times out/drops keeps alives so that they no longer function properly. [The UDP connection will make it look like you have a new SSH connection which of course the system will drop because that would allow for security problems.] 2. A firewall in the chain of things (system you are on, the system you are going to, or somewhere in between) has session flushing issues. If you have the firewall set up to only accept NEW port 22 connections and then just looks to see if the ESTABLISHED, RELATED tables are accepted elsewhere then if the session somehow ages out or is flushed due to usage, the ssh connection can get dropped. The solution to one is to see if a TCP VPN fixes the problem. The second one is to either make the iptables kernel tables larger or to have all port 22 accepted even if it is not ESTABLISHED. These aren?t the only ways the problem you see can occur but they are some of the most common I have run into.> > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >-- Stephen J Smoogen.
On 2018-02-12, H <agents at meddatainc.com> wrote:> Running CentOS 7 on workstation and having a problem with ssh > disconnects. My ssh_config contains: > > Host * > TCPKeepAlive yes > ServerAliveInterval 30 > ServerAliveCountMax 300 > > and sshd_config on the server contains: > > TCPKeepAlive yes > ClientAliveInterval 60 > ClientAliveCountMax 300 > > Have I missed any setting needed to prevent these random disconnects? > I don't think there is anything wrong with the network card, the > driver, or the cable, since if I am on a VPN connection via another > server, the VPN and any ssh connection stay up indefinitely. > > Thanks.Another poster has provided some possible reasons for the disconnections. Whatever the cause, autossh (from the epel repo) is a good workaround. -- Liam
On 02/12/2018 06:34 PM, Stephen John Smoogen wrote:> On Mon, Feb 12, 2018 at 6:25 PM H <agents at meddatainc.com> wrote: > >> Running CentOS 7 on workstation and having a problem with ssh disconnects. >> My ssh_config contains: >> >> Host * >> TCPKeepAlive yes >> ServerAliveInterval 30 >> ServerAliveCountMax 300 >> >> and sshd_config on the server contains: >> >> TCPKeepAlive yes >> ClientAliveInterval 60 >> ClientAliveCountMax 300 >> >> Have I missed any setting needed to prevent these random disconnects? I >> don't think there is anything wrong with the network card, the driver, or >> the cable, since if I am on a VPN connection via another server, the VPN >> and any ssh connection stay up indefinitely. >> >> Thanks. > > > There are usually 2 different reasons for this: > 1. The VPN is UDP and times out/drops keeps alives so that they no longer > function properly. [The UDP connection will make it look like you have a > new SSH connection which of course the system will drop because that would > allow for security problems.] > > 2. A firewall in the chain of things (system you are on, the system you are > going to, or somewhere in between) has session flushing issues. If you have > the firewall set up to only accept NEW port 22 connections and then just > looks to see if the ESTABLISHED, RELATED tables are accepted elsewhere then > if the session somehow ages out or is flushed due to usage, the ssh > connection can get dropped. > > The solution to one is to see if a TCP VPN fixes the problem. The second > one is to either make the iptables kernel tables larger or to have all port > 22 accepted even if it is not ESTABLISHED. > > These aren?t the only ways the problem you see can occur but they are some > of the most common I have run into. > > > >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos >>Not sure if I am reading your reply correctly but I should clarify that I have problems when running naked ssh to the server, when I run ssh to the same server but over the VPN connection (that goes via third server) everything is flawless. I should also explain that: - I am on a workstation (located in the US), ssh-ing into server 1 (located in the US). - From server 1 I use scp to transfer large files from server 2 (located in Europe) to server 1 (in the US). The above randomly disconnects. However, when: - I use a VPN connection to server 3 (also located in Europe). - From the same workstation as above, do exactly as above, connections are rock-solid.
On 02/12/2018 07:24 PM, Liam O'Toole wrote:> On 2018-02-12, H <agents at meddatainc.com> wrote: >> Running CentOS 7 on workstation and having a problem with ssh >> disconnects. My ssh_config contains: >> >> Host * >> TCPKeepAlive yes >> ServerAliveInterval 30 >> ServerAliveCountMax 300 >> >> and sshd_config on the server contains: >> >> TCPKeepAlive yes >> ClientAliveInterval 60 >> ClientAliveCountMax 300 >> >> Have I missed any setting needed to prevent these random disconnects? >> I don't think there is anything wrong with the network card, the >> driver, or the cable, since if I am on a VPN connection via another >> server, the VPN and any ssh connection stay up indefinitely. >> >> Thanks. > Another poster has provided some possible reasons for the > disconnections. Whatever the cause, autossh (from the epel repo) is a > good workaround. >Not that this happens while I do large scp file transfers that may take more than half an hour, simply restarting an ssh session is not going to help since I will lose the file transfer.
Possibly Parallel Threads
- Problem with ssh disconnecting
- Persistent SSH sessions
- ssh client does not timeout if the network fails after ssh_connect but before ssh_exchange_identification, even with Alive options set
- [Bug 1404] New: Make keepalive work properly with Cisco PIX/ASA boxes
- Problem with ssh disconnecting