Hmm dbclient worked well for me after that patch. But I was connecting to a dropbear server, not OpenSSL server...
I've migrated to OpenWRT with 8MB of flash too, and I ended up rewriting my own tunnel solution based on OpenSSL. There are much smaller SSL clients out there that can be used for free for non-commercial products, but requires to pay for a license for commercial use. I don't remember exactly the name of the one we looked at (that was few years ago). Regards, Fabrizio On Sat, Jul 5, 2014 at 2:14 AM, Jesse Molina <[email protected]> wrote: > > Fabrizio Bertocci contacted me and let me know that this seems to be a > known issue. > > https://www.mail-archive.com/[email protected]/msg00701.html > > https://www.mail-archive.com/[email protected]/msg00980.html > > > > The work I am doing is on an OpenWRT device with 8MB of flash, so local > space is very limited. I had to install the OpenSSL client yesterday, which > took up nearly an additional 2MB of space, but at least it works. It would > be nice to use dbclient instead, but it's idle timer is just straight-up > broken when used with -N -R. > > This works as expected with OpenSSL client: > > ssh -i $SSH_KEYFILE -o "ServerAliveInterval=15" -o "ServerAliveCountMax=4" > -N -R $SSH_PROXY_PORT:localhost:22 $SSH_USER@$SSH_HOST > > > > > On 7/4/14, 3:57, Jesse Molina wrote: > >> >> Hello >> >> I am doing this: >> >> ssh -K 3 -I 60 -i keyfile -N -R 2222:localhost:22 user@host >> >> I am intending a dropbear ssh client to set up a reverse proxy connection >> to a server, so I am using -N and -R. >> >> I am also using -K and -I so that the connection sends keepalives and >> will timeout if the network is disrupted. >> >> My problem is that the above results in the session dying 60 seconds >> after setup is finished because the idle timeout is being hit. I am not >> sure how -I is metering inbound traffic, but it's apparently not picking up >> anything. >> >> Note that I have "ClientAliveInterval 15" set on the sshd_config server >> side. I would expect dropbear to count this traffic towards -I. >> >> Without -I above, it took my device 18 minutes to figure out that I had >> pulled the network out from under it by shutting down the interface. That >> isn't acceptable. >> >> Can dropbear do this, or do I need to use openssh? I get the feeling >> after reading what I have read that dropbear is too simple to figure out >> when the server has gone away in most situations. >> >> >> >> Relevant: >> >> https://www.mail-archive.com/[email protected]/msg00978.html >> >> https://www.mail-archive.com/[email protected]/msg00648.html >> >> https://www.mail-archive.com/[email protected]/msg00402.html >> >> Thanks in advance. >> > >
