john smith
2015-Nov-23 22:25 UTC
Why isn't it possible to lower TCP values of running SSH session?
I am running OpenSSH_6.7p1 on Slackware 14.1 x64. I haven't modified a stock config. On Linux TCP timeouts are controlled by these 3 files:

$ cat /proc/sys/net/ipv4/tcp_keepalive_time \
> /proc/sys/net/ipv4/tcp_keepalive_intvl \
> /proc/sys/net/ipv4/tcp_keepalive_probes
7200
75
9

These are their default values. I modified them to 3, 1, 1 respectively before establishing a new SSH connection. After establishing an SSH connection to a machine next to me I unplugged a network cable on the remote machine and had to wait for 3 seconds for the SSH session to be terminated by Linux. This is what I expected.

Next, I connected again and while SSH session was already opened I changed values to their defaults - 7200, 75, 9. After unplugging a network cable I wasn't disconnected within 3 seconds. It made me think that it's possible to modify TCP timeouts of opened TCP sockets such as SSH connections.

However, after connecting to the same machine again I changed timeout values to 3, 1, 1 again. To my surprise, after unplugging a network cable on the remote side I wasn't disconnected within 3 seconds. It seems it's only possible to increase TCP timeout values when SSH session is already opened but not to lower them. Why? Is it Linux or OpenSSH thing?

--
<wempwer at gmail.com>
Damien Miller
2015-Nov-23 23:57 UTC
Why isn't it possible to lower TCP values of running SSH session?
TCP is the kernel's responsibility. I guess that these values get copied into each TCB from the copy managed via proc at connection start time, but never updated afterwards.

You might want to consider using protocol-level keepalives: ServerAliveInterval/ServerAliveCountMax in ssh_config.

-d

On Mon, 23 Nov 2015, john smith wrote:

> I am running OpenSSH_6.7p1 on Slackware 14.1 x64. I haven't modified
> a stock config. On Linux TCP timeouts are controlled by these 3
> files:
>
> $ cat /proc/sys/net/ipv4/tcp_keepalive_time \
> > /proc/sys/net/ipv4/tcp_keepalive_intvl \
> > /proc/sys/net/ipv4/tcp_keepalive_probes
> 7200
> 75
> 9
>
> These are their default values. I modified them to 3, 1, 1
> respectively before establishing a new SSH connection. After
> establishing an SSH connection to a machine next to me I unplugged a
> network cable on the remote machine and had to wait for 3 seconds for
> the SSH session to be terminated by Linux. This is what I
> expected. Next, I connected again and while SSH session was already
> opened I changed values to their defaults - 7200, 75, 9. After
> unplugging a network cable I wasn't disconnected within 3 seconds. It
> made me think that it's possible to modify TCP timeouts of opened TCP
> sockets such as SSH connections. However, after connecting to the same
> machine again I changed timeout values to 3, 1, 1 again. To my
> surprise, after unplugging a network cable on the remote side I wasn't
> disconnected within 3 seconds. It seems it's only possible to increase
> TCP timeout values when SSH session is already opened but not to lower
> them. Why? Is it Linux or OpenSSH thing?
>
> --
> <wempwer at gmail.com>
john smith
2015-Nov-24 00:05 UTC
Why isn't it possible to lower TCP values of running SSH session?
On Tue, Nov 24, 2015 at 12:57 AM, Damien Miller <djm at mindrot.org> wrote:

> TCP is the kernel's responsibility. I guess that these values get
> copied into each TCB from the copy managed via proc at connection
> start time, but never updated afterwards.
>

This had to happen but the question is why is it possible to increase a timeout but not to decrease it.

--
<wempwer at gmail.com>
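
Added example, not part of the thread and not OpenSSH code: besides the system-wide /proc files discussed above, Linux documents per-socket options in tcp(7) (TCP_KEEPIDLE, TCP_KEEPINTVL, TCP_KEEPCNT) that a program can set on its own socket. The sketch below sets the 3, 1, 1 values tried in the thread on one socket and reads back what is in effect; the function names are chosen here for illustration, and the detection time is the usual approximation of idle time plus interval times probe count.

```python
import socket

# The three system-wide files named in the thread (Linux only).
PROC = "/proc/sys/net/ipv4/tcp_keepalive_{}"
# Per-socket counterparts documented in tcp(7), in the same order.
OPTS = (socket.TCP_KEEPIDLE, socket.TCP_KEEPINTVL, socket.TCP_KEEPCNT)


def system_defaults():
    """Return (time, intvl, probes) as currently set under /proc."""
    values = []
    for name in ("time", "intvl", "probes"):
        with open(PROC.format(name)) as fh:
            values.append(int(fh.read()))
    return tuple(values)


def detection_seconds(idle, intvl, probes):
    """Approximate seconds of silence before the kernel drops a dead peer."""
    return idle + intvl * probes


def set_keepalive(sock, idle, intvl, probes):
    """Enable keepalive on one socket and override the system-wide timing."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    for opt, value in zip(OPTS, (idle, intvl, probes)):
        sock.setsockopt(socket.IPPROTO_TCP, opt, value)


def get_keepalive(sock):
    """Read back the (idle, intvl, probes) values in effect for this socket."""
    return tuple(sock.getsockopt(socket.IPPROTO_TCP, opt) for opt in OPTS)


if __name__ == "__main__":
    print("system-wide:", system_defaults())
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print("new socket :", get_keepalive(s))
        set_keepalive(s, 3, 1, 1)  # the values tried in the thread
        current = get_keepalive(s)
        print("after set  :", current, "->", detection_seconds(*current), "s")
```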