On Fri, Jul 04, 2014 at 03:57:09AM -0700, Jesse Molina wrote:
>
> Note that I have "ClientAliveInterval 15" set on the sshd_config
> server side. I would expect dropbear to count this traffic towards
> -I.
>
> Without -I above, it took my device 18 minutes to figure out that I
> had pulled the network out from under it by shutting down the
> interface. That isn't acceptable.
>
> Can dropbear do this, or do I need to use openssh? I get the
> feeling after reading what I have read that dropbear is too simple
> to figure out when the server has gone away in most situations.

I've now made "-K" do the same as OpenSSH's ServerAliveInterval/ClientAliveInterval. CountMax is hardcoded to 3 in options.h - I don't think that needs to be a runtime setting. I've only given it brief testing, it might need some more attention to cases such as clients being suspended (laptop lid shuts).

https://secure.ucc.asn.au/hg/dropbear/rev/a0819ecfee0b

I don't _think_ anyone really desired the old -K behaviour of sending keepalives but not caring about the response - it can still be used to keep a NAT session open, and if you've gone that long without a response then the session is probably dead anyway. Someone please correct me if I'm mistaken.

-I deliberately ignores keepalive traffic to avoid bad interactions. I think that's desirable. For reference the issue Fabrizio had with OpenSSH ClientAliveInterval looks like it was fixed in OpenSSH 4.9

https://bugzilla.mindrot.org/show_bug.cgi?id=1307

I've also made Dropbear send a SSH_MSG_REQUEST_FAILURE response as suggested in Ahilan's reply - better late than never!

https://www.mail-archive.com/dropbear@ucc.asn.au/msg00711.html

Cheers,
Matt
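
The behaviour described in this message, as an added example that is not part of the original post and is not Dropbear's code: a small Python model of a -K keepalive counter with the count of 3 and a -I idle timer that ignores keepalive replies. The function name `simulate`, the one-second tick and the check-then-send ordering are assumptions made for the illustration.

```python
# Added illustration: a model of the semantics in the message, not Dropbear code.
COUNT_MAX = 3  # the message says CountMax is hardcoded to 3 in options.h


def simulate(keepalive, idle_timeout, link_down_at=None, horizon=3600):
    """Step a modelled client one second at a time.

    keepalive    -- -K interval in seconds (0 disables keepalives)
    idle_timeout -- -I timeout in seconds (0 disables the idle timer)
    link_down_at -- second at which the peer silently disappears, or None
    Returns (second, reason) for the close, or (None, "still connected").
    """
    unanswered = 0      # keepalives sent since the last reply
    last_user_data = 0  # only real channel traffic would move this forward
    for t in range(1, horizon + 1):
        link_up = link_down_at is None or t < link_down_at
        if idle_timeout and t - last_user_data >= idle_timeout:
            return t, "idle timeout (-I)"
        if keepalive and t % keepalive == 0:
            # Assumed ordering: check the counter, then send the next probe.
            if unanswered >= COUNT_MAX:
                return t, "keepalive timeout (-K)"
            unanswered += 1
            if link_up:
                # The reply proves the peer is alive, but it is deliberately
                # not counted as activity for the -I timer.
                unanswered = 0
    return None, "still connected"


if __name__ == "__main__":
    # Constructed scenarios; the 15 s interval matches the quoted config.
    print(simulate(15, 0, link_down_at=100))   # dead peer noticed via -K
    print(simulate(0, 0, link_down_at=100))    # no probes: model never notices
    print(simulate(15, 60))                    # healthy but idle: -I still fires
```

The model leaves out the TCP stack's own timeouts, so the case without keepalives never closes here.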