[EMAIL PROTECTED] wrote: >Our users who are using SSH to connect to external servers are >experiencing dropouts, their sessions are dropping when they are >connected for long periods of time.
Is this while they are working, or when the connection is idle for longer periods ? If it's the latter then I can shed some light on why it happens ... Ideally, a firewall (or NAT gateway which I assume is also configured) will simply open a connection when the first packet is handled and keep track of it until it sees it closed by the relevant packets. However, connections often do not get closed properly for a number of reasons, and so there are always timeouts so that a connection can be forgotten about if no packets are seen for a certain time - and the timeout varies between vendors/implementations. I assume that Linux (and other good configurable systems) probably have somewhere where this can be configured - hopefully someone more familiar with the deep technical bits can shed light on this. How I fixed it for me when we changed the firewall at work and timeouts became 'a bit annoying' was to add : -o ServerAliveCountMax=30 -o ServerAliveInterval=20 to my ssh connection script. These values are probably a bit OTT, but they have two effects. Firstly, it causes a packet exchange every 20 seconds which keeps the connection alive as far as the firewall is concerned. Secondly, it causes the ssh client to disconnect if the link is lost (like today when I've been disconnected a fair bit to diagnose problems on a customers network) rather than sit there until you try and use it when it 'hangs' for a while before giving up. See man ssh_config for more details. The values I've used send a server alive message every 20 seconds, and allow up to 30 (ie 10 minutes) to be missed before the connection is dropped. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
