The attached patch adds an option (off by default to preserve current
behavior) to set a timeout on the select() statement that waits for input
in clientloop.c. This fixes a timeout issue for me (explained below) and
probably also fixes the timeouts mentioned in last month's thread "Idle
time out". The patch is also available by http from:
http://www.chaos2.org/~jacob/code/patch-openssh-1.2.2-trans_inter

I am ssh-ing from a machine on my home network to one on the
internet. This goes out over a Linux ip_masquerade firewall. When I
wrote the attached patch, I thought it was the firewall that was killing
the connection by timing out on the redirected port due to lack of
traffic. But after reading some similar posts on this list, I think there
might be problems even if a firewall isn't involved. Also note that in
the tcpdump below, I did have KeepAlive turned on (both server and client)
and yet I don't see any traffic being generated due to this, which seems
to render KeepAlive pretty useless...

When ssh dies on me (when no max idle time is set) it gives me the
error below:
"
velius:~% Read from remote host velius.chaos2.org: Connection reset by peer
Connection to velius.chaos2.org closed.
jacob:~#
"

From the tcpdump below, we see that the firewall has assigned a new
ip_masq port. This shows all the packets; specifically, none are
generated in the interim.
"
00:59:19.987703 velius.chaos2.org.ssh > c392100-a.crvlls1.or.home.com.64579: P 1:21(20) ack 20 win 32120
<nop,nop,timestamp 46926353 47417028> (DF)
00:59:19.998389 c392100-a.crvlls1.or.home.com.64579 > velius.chaos2.org.ssh: . ack 21 win 32120
<nop,nop,timestamp 47417072 46926353> (DF) [tos 0x10]
... time passes here but no traffic to velius ...
01:20:37.477884 c392100-a.crvlls1.or.home.com.64687 > velius.chaos2.org.ssh: P 2954940853:2954940873(20) ack
2970631452 win 32120 <nop,nop,timestamp 47544804 46926353> (DF) [tos 0x10]
01:20:37.583097 velius.chaos2.org.ssh > c392100-a.crvlls1.or.home.com.64687: R 2970631452:2970631452(0) win 0
[tos 0x10]
"

The attached patch allows the user to put a TransmitInterlude option
in their ssh_config file that gives how many seconds are allowed to pass
without generating traffic. A value of 300 completely solves the timeouts
for me and I haven't observed any stability issues.

Please cc me with comments as I am not subscribed to the list.

Jacob Lundberg
jacob@chaos2.org
--
"Heh. You mean this is Stef's source code?"
-User Friendly
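
An added sketch of the mechanism the message describes, a timeout on the select() that waits for input so that an idle client generates traffic before the masquerade entry expires; it is not the attached patch and not OpenSSH code. The function names, the one-byte KEEPALIVE payload and the use of a plain socket are assumptions for illustration.

```c
#include <errno.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Placeholder payload (assumption). A real SSH client would send a
 * protocol-level no-op packet through the encrypted channel instead. */
static const char KEEPALIVE[] = "K";

/* Wait for input on sock. With interlude_secs > 0, a keepalive is written
 * when that many seconds pass with nothing to read. interlude_secs == 0
 * keeps the default behaviour: block until input arrives.
 * Returns 1 if sock is readable, 0 after sending a keepalive, -1 on error. */
int wait_for_input(int sock, int interlude_secs)
{
    fd_set readset;
    struct timeval tv;
    int n;

    do {
        /* select() may modify its arguments, so rebuild them on each try. */
        FD_ZERO(&readset);
        FD_SET(sock, &readset);
        tv.tv_sec = interlude_secs;
        tv.tv_usec = 0;
        n = select(sock + 1, &readset, NULL, NULL,
                   interlude_secs > 0 ? &tv : NULL);
    } while (n < 0 && errno == EINTR);   /* interrupted by a signal: retry */

    if (n < 0)
        return -1;
    if (n == 0)                          /* idle for the whole interlude */
        return write(sock, KEEPALIVE, 1) == 1 ? 0 : -1;
    return 1;
}

/* Idle loop: returns how many keepalives were sent before input arrived
 * or max_keepalives was reached, or -1 on error. */
int idle_loop(int sock, int interlude_secs, int max_keepalives)
{
    int sent = 0, r = 0;

    while (sent < max_keepalives &&
           (r = wait_for_input(sock, interlude_secs)) == 0)
        sent++;
    return r < 0 ? -1 : sent;
}
```

Current OpenSSH offers the same idea through the ServerAliveInterval option in ssh_config, which sends its probe inside the encrypted channel.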