SSH connections being dropped by ZyWALL 10
- From: Tristan Schmelcher <tristan.schmelcher@xxxxxxxxx>
- Date: Sat, 22 Sep 2007 22:11:57 -0700
I am running an OpenSSH 4.3 server on an embedded Linux system, so I
have turned on the ClientAliveInterval and TCPKeepAlive options in
sshd_config. ClientAliveInterval is set to 10, and the OS's TCP
keep-alive settings are time = 10, probes = 5, and intvl = 10. (I need
it all low b/c server processes could be holding system-wide locks.)
If I connect to the SSH server directly (i.e., without a firewall in
between), then those settings work fine; server processes die when the
connection is down and stay up when it's up. However, here's my problem:
if I connect from outside my ZyWALL 10 firewall, then the connection is
dropped after about a minute of user inactivity.
The weird thing is that if I connect from outside the firewall via
_Telnet_ (which is using TCP keep-alives too), then it works correctly.
And the _other_ weird thing is that if I use a cheap consumer firewall
instead (D-Link DI-604), then SSH works correctly too. It's only SSH
with the ZyWALL 10 that messes up.
This seems to implicate the SSH-level keep-alives and their interaction
with the ZyWALL, which makes no sense to me because aren't they just
data in the encrypted TCP stream?
Any suggestions would be welcome.
- Prev by Date: sometimes ssh problem connecting servers (after upgrade to ubuntu/feisty)
- Next by Date: copying from system known_hosts to user known_hosts
- Previous by thread: sometimes ssh problem connecting servers (after upgrade to ubuntu/feisty)
- Next by thread: copying from system known_hosts to user known_hosts