On Tue, 2004-07-13 at 18:51, Real Cucumber wrote: > I have a fedora firewall/router using iptables to > forward incoming SSH packets to an internal server and > it works great....however, only if the user does not > remain idle for 1 minute. If you're going to use SSH through a stateful firewall, you should disable out-of-band keep-alives and enable in-connection keep-alives. I use this in sshd_config: # In older versions of OpenSSH, it's KeepAlive, not TCPKeepAlive TCPKeepAlive no ClientAliveInterval 30 ClientAliveCountMax 120 See the sshd_config(5) manual page for implications. Ciao, Sheldon.
