ssh connections now freezing, if left idle for a few minutes
Cameron Simpson
cs at zip.com.au
Wed Oct 21 01:19:55 UTC 2015
On 20Oct2015 18:20, Tom Horsley <horsley1953 at gmail.com> wrote:
>On Wed, 21 Oct 2015 09:02:30 +1100
>Cameron Simpson wrote:
>> ServerAliveInterval 17
>
>I tried all that stuff for the ssh connection I run
>from my system at work, through the firewall, and
>to my system at home, but still never got it to
>stay up all the time.
It is entirely possible that some stateful router in between simply gets bored
with your connection. At least with ServerAliveInterval (and the corresponding
server side ClientAliveInterval) your ssh connections will notice and quit,
allowing prompt restart rather than hanging.
>I now have cron jobs that check ssh-keyscan
>every 5 minutes or so in both directions and
>a loop that re-initializes the connection from
>scratch if it ever fails to do the keyscans
>successfully. So far it has been pretty
>reliable - I think doing the keyscans helps
>keep the connections up.
Is your connection essentially for purposes of port forwards? If so, I do that
too. I have a script called "svcd" which runs a command forever, restarting it
if it quits. For example:
svcd ssh -F ~/.ssh/config-pf remote-host-pf
That takes care of the automatic restarts for me; I kick it off at restart and
forget it. No funny cron jobs to fondle via ssh-keyscan etc. Just restart if
the ssh dies.
In fact svcd has a host of control features, such as controls governing when
the service command should run. For example, the svcd controlling my port
forward sshes is told that my laptop needs a default route (so that it won't
pointlessly attempt a restart if my laptop is offline) etc.
If you care, svcd is here:
https://bitbucket.org/cameron_simpson/css/src/tip/bin/svcd
The wrapper I use to dispatch port forward sshes is here:
https://bitbucket.org/cameron_simpson/css/src/tip/bin/portfwd
So at startup, once my ssh keys are loaded, I dispatch:
portfwd BLAH &
in a tmux session to run the portforwards in group "BLAH" (work related, home
related etc). Portfwd sets svcd's "-t testcmd" to watch the default route and
other conditions.
It may seem like a lot of work, but my setup is robust and easy to manage now.
Cheers,
Cameron Simpson <cs at zip.com.au>
A friend of mine in a compiler writing class produced a compiler with one error
message "you lied to me when you told me this was a program".
- Pete Fenelon <pete at minster.york.ac.uk>
More information about the users
mailing list