Re: SSH Dropping Connections
- From: Bob Rasmussen <ras@xxxxxxxxx>
- Date: Wed, 5 Sep 2007 13:59:45 -0700 (PDT)
It is important to determine whether the dropouts are happening during
periods of inactivity, or when actively using the connection.
If dropouts happen during periods of inactivity, then some system, router,
etc., in the chain may be configured to drop connections that are inactive
for some period of time, call it "x" seconds. Obviously this is not a good
idea for many terminal emulation environments. But with many SSH clients,
such as Putty (as explained below) or our Anzio product, you can configure
them to send a "do-nothing" packet every "y" seconds. As long as y is less
than x, this will fool the device into thinking the session is active, and
keep it running.
On the other hand, if dropouts happen randomly, it means there is a poor
quality TCP/IP connection. In this case, it can HURT to have a keep-alive,
as follows. If the session drops temporarily, then is restored, the
connection can stay active, UNLESS some traffic occurs; when traffic
occurs, one or both ends learn that the connection has dropped, and they
close their end. The keep-alive can actually cause this to happen.
Conversely, if a keep-alive is NOT set, all remains quiet, the drop is
undiscovered, and by the time you actually use the connection it might be
re-established. If dropouts continue to happen, your only recourse, I
think, is to complain to the service provider.
On Tue, 4 Sep 2007, Nathalie Vaiser wrote:
In Putty you can set a keep-alive setting (under Connection in the settings),
I set mine to 60 seconds and this prevents most dropped connections.
Hari Sekhon wrote:
I have a remote worker who uses SSH tunneling to connect into the office
while on the road. He is running Windows with PuTTY connecting to a Linux
OpenSSH server. He has been reporting that it is extremely unstable and that
the connection drops. However, I and a colleague of mine use this method
regularly and have had no problems.
I suspect that this is simply due to his use of a 3G card which has a very
slow dial-up speed connection, whereas myself and my colleague have
broadband (actually it does drop more when my internet pipe is flooded).
Is there anything I can do to make the connection more tolerant and not
Or perhaps any advice for further isolating this (bearing in mind the remote
worker is not technical and I don't have access to the laptop at the times
he's on the road...)
This same remote worker was previously using an ipsec vpn with 3des and had
no problems so I suspect that 3des is more forgiving that the ssh
protocol(s) being used for cryptography, although I am aware that ssh can
use several different crypto algorithms, and reading the man page again it
seems that 3des is the default on linux but PuTTY seems to default to AES
first so perhaps it is AES being less forgiving that 3des?
Does anyone know more about the actual AES and 3DES protocol internals, is
AES less tolerant to timing issues because of it's stronger cryptography
(sort of like Kerberos system times being used in the crypto algorithm)?
Any ideas or feedback on this issue?
....Bob Rasmussen, President, Rasmussen Software, Inc.
personal e-mail: ras@xxxxxxxxx
company e-mail: rsi@xxxxxxxxx
voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
fax: (US) 503-624-0760
- Prev by Date: Re: SSH Dropping Connections
- Next by Date: Re: Negated patterns in AllowedUsers
- Previous by thread: Re: SSH Dropping Connections
- Next by thread: Re: SSH Dropping Connections