ssh/sshd question

Brandon Allbery allbery.b at gmail.com
Fri Aug 1 20:30:29 PDT 2014


On Fri, Aug 1, 2014 at 9:51 PM, Richard L. Hamilton <rlhamil at smart.net>
wrote:

> While there are a couple of server (/etc/sshd_config) parameters for
> keepalives, I doubt they would force an idle timeout (notwithstanding a lot
> of people claiming that they will).


TcpKeepAlive would, but it's almost always disabled and the timeout there
is typically measured in hours.

The ServerAlive*/ClientAlive* options also would, but they are disabled by
default in clients, and I don't think Apple has changed this. (They're
typically enabled in servers, but that only means that clients can request
it; it will not do anything if the client has it disabled.)

Much more commonly than either of those, this is caused not by ssh
configuration, but by a NAT gateway in between the systems; if the NAT
table overflows, older connections will be lost (overwritten by newer
connections), and attempting to use them after that will result in them
dying immediately as the gateway, having forgotten about the connection,
responds with an RST. Where OS X versions figure into this is that every OS
X version uses more and more network sockets even when idle; I in
particular found that 10.7 and later would *all by themselves* cause many
older commodity router/NAT/WiFi gateways to overflow their NAT tables.
(I've switched to loading DD-WRT on routers or buying ones that have it
preloaded, although I expect newer commodity routers have larger tables
because Windows has also expanded its network usage in later versions.)

-- 
brandon s allbery kf8nh                               sine nomine associates
allbery.b at gmail.com                                  ballbery at sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.net
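
The NAT-table overflow described in the message above, as a toy model (an added example, not part of the original post). It assumes the gateway evicts the least recently used mapping when its table is full; the `NatTable` class, the `simulate` function and the table size of 64 are hypothetical.

```python
from collections import OrderedDict

class NatTable:
    """Toy NAT gateway: fixed-size mapping table (assumed LRU eviction)."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.flows = OrderedDict()  # flow id -> None, ordered by last activity

    def open(self, flow):
        """New outbound connection: add a mapping, evicting the stalest if full."""
        if flow not in self.flows and len(self.flows) >= self.capacity:
            self.flows.popitem(last=False)  # the gateway forgets this connection
        self.flows[flow] = None
        self.flows.move_to_end(flow)

    def send(self, flow):
        """Packet on an established connection: forwarded only if still mapped."""
        if flow not in self.flows:
            return "RST"  # gateway no longer knows the connection
        self.flows.move_to_end(flow)
        return "forwarded"

def simulate(capacity, background_sockets, keepalive_every=0):
    """Open one ssh session, let the host open other sockets, then use ssh again.

    keepalive_every=N puts traffic on the ssh flow after every N background
    sockets; 0 leaves the session completely idle.
    """
    nat = NatTable(capacity)
    nat.open("ssh")
    for i in range(1, background_sockets + 1):
        nat.open(f"bg-{i}")
        if keepalive_every and i % keepalive_every == 0:
            nat.send("ssh")
    return nat.send("ssh")

if __name__ == "__main__":
    # Constructed scenarios: table not yet full, idle session, refreshed session.
    print(simulate(capacity=64, background_sockets=50))
    print(simulate(capacity=64, background_sockets=200))
    print(simulate(capacity=64, background_sockets=200, keepalive_every=20))
```

Under the assumed eviction policy, the idle session dies on first use once the host's other sockets have filled the table, while a session that carries periodic traffic keeps its mapping.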