Hello,

I'm tasked with establishing a persistent SSH connection across a very unreliable link, for a remote port forward (always port 2217). I figured I'd use ServerAliveInterval to make sure that the ssh(1) process dies when the connection appears down, and I use systemd to restart it in this case. This works fine.

What does not work fine, however, is the server-side. If the connection goes down, sshd(8) lingers on the remote, bound to the port that I need to forward back across the link. As a result, new connections can't bind the port. The sshd(8) process stays around for an unspecified time (>90min) after the connection went down.

I realise I could use ClientAliveInterval on the server-side, but there seems to be no way to specify this per-connection, and there simply won't be a server-wide policy change in this case.

The ssh_config(5) manpage *does* state:

    The server alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.

but this promise currently isn't kept, because the server actually doesn't find out about the "server alive" mechanism.

Would it be too far-fetched for ssh(1) to communicate to sshd(8) on the remote that it intends to send pings and that the connection will be torn down if those pings remain unanswered? Then the sshd(8) process would know and could react accordingly. Or is there another way to do this per-process/-connection? Short of running a separate sshd(8) on another port?

It's probably a big change, as it'd require the protocol to be touched, but maybe provisions for such extensions already exist?

Do you have any thoughts, gauges of success of such a wishlist, or short-term solutions?

Thanks,

-- 
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/

who's general failure, and why's he reading my disk?

spamtraps: madduck.bogus@xxxxxxxxxxx
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
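
The client-side arrangement described in the message above (ssh(1) with ServerAliveInterval, restarted by systemd), written out as a systemd unit. This is an added example, not the poster's own configuration: the unit name, the account and host `tunnel@remote.example.org`, the forward target `localhost:22`, the timing values and the use of ExitOnForwardFailure are assumptions.

```ini
# /etc/systemd/system/reverse-tunnel.service  (hypothetical unit name)
[Unit]
Description=Persistent SSH remote forward of port 2217
Wants=network-online.target
After=network-online.target
# Never give up restarting, however often the link drops.
StartLimitIntervalSec=0

[Service]
# -N / -T: no remote command and no tty, forwarding only.
# BatchMode: fail instead of prompting, since nobody is there to answer.
# ServerAliveInterval / ServerAliveCountMax: the client sends a probe
#   every 15 s and exits after 3 unanswered probes (about 45 s), which
#   hands control back to systemd.
# ExitOnForwardFailure: if the remote side cannot bind port 2217
#   (for instance because an old sshd(8) still holds it), ssh(1) exits
#   instead of staying connected without the forward, so the unit keeps
#   retrying until the port is free. It does not make the stale sshd(8)
#   go away any sooner.
# remote.example.org, the tunnel account and localhost:22 are placeholders.
ExecStart=/usr/bin/ssh -N -T \
    -o BatchMode=yes \
    -o ServerAliveInterval=15 \
    -o ServerAliveCountMax=3 \
    -o ExitOnForwardFailure=yes \
    -R 2217:localhost:22 \
    tunnel@remote.example.org
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
```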