Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Avoide router timeouts during ssh sessions UNIX
I have an Xsense Macsense router (WSR-5000) that I have been using for the last few years; works great. One of it's features is the ability to port forward, so I have set it to forward port 22 to one of my home machines so I can ssh into it. However, I was experiencing some annoying hangs -- if I left the connection idle for about 10 minutes, the connection would freeze and finally disconnect, even though the home machine was set to never sleep. That became frustrating enough that I did some investigation.

It appears that this router -- and I think a good many others, as well -- have an idle timeout that times out internet-lan connections. I traded some emails with the Xsense guys, and they confirmed the timeout on their router -- and said that there was no way to either disable it or to change the timeout period.

Fortunately, the ssh guys have this figured out already. By opening /etc/sshd_config in your favorite editor (sudo required), and adding the line ClientAliveInterval 120, you set the ssh daemon to "re-awaken" the connection every 120 seconds, which is enough in my case to keep the connection active and prevents the ssh session from hanging. Read the man ssh page for more. I don't know if Apple's AirPort Base Stations also have an idle timeout like this, but there's no reason to think that this hint wouldn't work with them if they do.
    •    
  • Currently 3.50 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (4 votes cast)
 
[29,965 views]  

Avoide router timeouts during ssh sessions | 15 comments | Create New Account
Click here to return to the 'Avoide router timeouts during ssh sessions' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Avoide router timeouts during ssh sessions
Authored by: ekc on Jun 16, '04 03:06:03PM
I don't know if Apple's AirPort Base Stations also have an idle timeout like this, but there's no reason to think that this hint wouldn't work with them if they do.

FWIW, I haven't noticed this problem with my ABS (2nd gen. snow model). I ssh home frequently from work and it lets me stay on indefinitely.

Nice hint, though. I'll tuck it away in a corner of my mind in case I switch to a third party router one day.

-Ted

[ Reply to This | # ]

Avoide router timeouts during ssh sessions
Authored by: felix-fi on Jun 16, '04 04:39:09PM

Great hint...

It fixes the pb I had with my Netgear MR814 dropping outgoing ssh session.

Too bad this option is not available on the client side too, I had to ask the sysadmin at work to set it on the sshd server.

PS: I know that many other "cheap" routers have this pb of ssh connection dropping.



[ Reply to This | # ]
Avoide router timeouts during ssh sessions
Authored by: JohnnyMnemonic on Jun 16, '04 06:08:26PM
Actually, there is also a similar option on for the client (untested by me).

See ServerAliveInterval on the linked page. I can only assume that it works with the same syntax.

[ Reply to This | # ]
Avoide router timeouts during ssh sessions
Authored by: zadig on Jun 17, '04 06:24:10PM

I tested it. It's important to note that the man page (man ssh) for ssh under Panther does not list the ServerAliveInterval parameter. Adding it to ssh_config doesn't work... the next time you run ssh you see an error:

/etc/ssh_config: line 38: Bad configuration option: ServerAliveInterval

So this option does not appear to be present. You could download and install your own version of SSH that supported this option, I guess. Possibly the version of ssh installed by the fink project would support it, I don't know.



[ Reply to This | # ]
Avoide router timeouts during ssh sessions
Authored by: bill_mcgonigle on Jun 17, '04 08:41:06PM
Unfortunately the Fink stable version is still OpenSSH 3.7 - you need OpenSSH 3.8 to make this work.

Fortunately, it compiles out of the box on Mac OS X - I just did this yesterday on 10.3.4.

Download: ftp://mirrors.rcn.net/pub/OpenBSD/OpenSSH/portable/openssh-3.8p1.tar.gz
Expand it (Stuffit works fine), get to a shell, and cd into the unpacked directory.

Do:

./configure && make && sudo make install

Setup your PATH to include /usr/local/bin first to override the built-in ssh when you type 'ssh bob@foo.com'.

Also, don't bother changing the system-wide config file. Make a file called ~/.ssh/config and put:

ServerAliveInterval 60

in there. Save and go.
So far so good - this works as long as your connection to the machine is stable.


[ Reply to This | # ]
Avoide router timeouts during ssh sessions
Authored by: JohnnyMnemonic on Jun 17, '04 11:49:56PM

That's interesting--only because the original hint for sshd_config works fine on 10.2.8 Server (connecting from only 10.3 clients). In that case, I've changed the ssh server config file--so is it the fact that it's the ssh server being edited and not the ssh client, or the fact that it's an OS X Server instead of an OS X client that's being changed, that allows this to work under 10.2.8--out of the box, no ssh upgrade?



[ Reply to This | # ]
Avoide router timeouts during ssh sessions
Authored by: remko on Jun 18, '04 03:55:51AM

I have the same issue with my NAT. Under Linux, i was able to use the 'ProtocolKeepAlives' parameter at the client side. However, with the exact same (fink) version of ssh under MacOS, this option is absent for some reason.



[ Reply to This | # ]
Avoide router timeouts during ssh sessions
Authored by: pjt33 on Aug 25, '04 03:56:14PM

You can use autossh (available through fink) to keep a connection alive from the client-side. Should I post my Perl script to automatically select a port for autossh as a hint? If anyone wants me to, e-mail me - address obtainable by Googling my username.



[ Reply to This | # ]
You've got a buggy router
Authored by: ducasi on Jun 16, '04 06:07:15PM

This must be the result of a buggy router.

Routers should not time out connections after 10 minutes when it knows fine that the connection is still open. OpenSSH normally tickles the connection every 30 minutes using a TCP keep-alive packet (a 0-byte packet.) This is a TCP standard. If the router drops the connection sooner than that it's not keeping to the standard.

I used to use a NetGear router that dropped TCP keep-alives. As a result my TCP sessions would die maybe an hour after being idle. (It doesn't mind losing one keep-alive, but gets upset if two go missing.)

As a result I had to turn on these ClientAlive tickles. I also decided to dump the router.



[ Reply to This | # ]
You've got a buggy router
Authored by: drauh on Jun 17, '04 12:01:24AM

What router did you get, instead?



[ Reply to This | # ]
You've got a buggy router
Authored by: n9yty on Jun 17, '04 12:37:22AM

Not a buggy router...

This isn't necessarily a ROUTER issue, so much as a NAT issue. The system decides which NAT'd connections to track, and if they aren't used after a period of time, they drop out. This even happenened in some of the earliest Linux setups I put together using ipmasq to provide NAT services... You could specify the timeout differently for various services if you wish, but most "cheap" routers/etc don't offer you that.



[ Reply to This | # ]
You've got a buggy router
Authored by: napdaddy on Jun 17, '04 04:52:23PM

Maybe this explains why I always seem to lose my Cisco VPN connection at home after short periods of inactivity. If I'm at work, I can keep the VPN connection up indefinitely without doing anything. I have a Netgear WGR614 at home. Maybe that's the culprit. Any suggestions to fix this short of getting a new router would be welcome. Any suggestions for a new router would be welcome too. :)

disclaimer: I'm running the Cisco VPN client on my win2k machine, but it's pretty much the same deal.



[ Reply to This | # ]
You've got a buggy router
Authored by: bill_mcgonigle on Jun 17, '04 08:29:35PM

Technically, it's a bug. But NAT vendors bill it as a feature.

Most customers don't know this feature is on or where to turn it off or that it's usually set for 5-10 minutes by default.

And you can't control all the NAT gateways between your home and your destination, typically.

Hence the SSH guys came through with a fix. FYI, setting TCP SO_KEEPALIVE doesn't make these NAT boxes work, they ignore it.



[ Reply to This | # ]
You've got a buggy router
Authored by: jporten on Jun 18, '04 07:10:55PM

The network you're using is somehow also involved. I'm using a first-gen Airport at home. At home, SSH connections persist however long (I've got one that's been running, mostly unused, for 16 hours). Other places, they drop after a few minutes idling.

I narrowed this down to connections coming in over T-Mobile hotspots; will see if this fix helps at all.



[ Reply to This | # ]
Had to do 60 seconds on my router
Authored by: iwbyte on Jul 22, '04 04:04:37PM

What a godsend! I was experiencing this very same issue for the longest time, and the odd thing is that it didn't happen on my PC on the same network, but did on my Mac OS X and Mac OS 9 machines.

I was going to get a new router when I found this - I also have the AERO Xrouter from MacSense, and I tried the above code, but it didn't make any difference.

Grasping at straws, I reduced the time down to 60 seconds and now I can stay logged in as long as I want!
Thank you!



[ Reply to This | # ]