How to maintain a persistent SSH connection?

Hello,

I'm tasked with establishing a persistent SSH connection across
a very unreliable link, for a remote port forward (always port
2217). I figured I'd use ServerAliveInterval to make sure that the
ssh(1) process dies when the connection appears down, and I use
systemd to restart it in this case. This works fine.

What does not work fine, however, is the server-side. If the
connection goes down, sshd(8) lingers on the remote, bound to the
port that I need to forward back across the link. As a result, new
connections can't bind the port.

The sshd(8) process stays around for an unspecified time (>90min)
after the connection went down.

I realise I could use ClientAliveInterval on the server-side, but
there seems to be no way to specify this per-connection, and
there simply won't be a server-wide policy change in this case.

The ssh_config(5) manpage *does* state:

  The server alive mechanism is valuable when the client or server
  depend on knowing when a connection has become inactive.

but this promise currently isn't kept, because the server actually
doesn't find out about the "server alive" mechanism.

Would it be too far-fetched for ssh(1) to communicate to sshd(8) on
the remote that it intends to send pings and that the connection
will be torn down if those pings remain unanswered? Then the sshd(8)
process would know and could react accordingly.

Or is there another way to do this per-process/-connection? Short of
running a separate sshd(8) on another port?

It's probably a big change, as it'd require the protocol to be
touched, but maybe provisions for such extensions already exist?

Do you have any thoughts, gauges of success of such a wishlist, or
short-term solutions?

Thanks,

-- 
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/
 
who's general failure, and why's he reading my disk?
 
spamtraps: madduck.bogus@xxxxxxxxxxx

Attachment: digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
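
The client-side setup the message describes (ServerAliveInterval plus a systemd restart, for a remote forward of port 2217), written out as an added example that is not part of the original post. The unit name, the account `tunnel@remote.example.org`, the forward target `localhost:22` and the timer values are assumptions. `ExitOnForwardFailure=yes` makes ssh(1) exit when the remote bind of 2217 fails, for instance while a stale sshd(8) still holds the port, so that systemd keeps retrying instead of leaving a connected session with no forward.

```ini
# /etc/systemd/system/ssh-forward-2217.service   (hypothetical unit name)

[Unit]
Description=Persistent SSH remote forward of port 2217
Wants=network-online.target
After=network-online.target
# Never give up restarting, however long the remote port stays occupied.
StartLimitIntervalSec=0

[Service]
# -N: no remote command, -T: no tty; the session only carries the forward.
# BatchMode=yes: fail instead of prompting, since nobody is at the keyboard.
# ServerAliveInterval/ServerAliveCountMax: ssh(1) exits after 3 unanswered
#   probes sent 15 s apart, i.e. roughly 45 s after the link goes dead.
# ExitOnForwardFailure=yes: exit non-zero if port 2217 cannot be bound on
#   the remote side, rather than staying connected without the forward.
# tunnel@remote.example.org and localhost:22 are placeholders.
ExecStart=/usr/bin/ssh -N -T \
    -o BatchMode=yes \
    -o ServerAliveInterval=15 \
    -o ServerAliveCountMax=3 \
    -o ExitOnForwardFailure=yes \
    -R 2217:localhost:22 \
    tunnel@remote.example.org
# Restart on every exit, clean or not, with a pause between attempts.
Restart=always
RestartSec=30

[Install]
WantedBy=multi-user.target
```

This covers only the client half: it does not make the lingering sshd(8) on the remote release the port any sooner, which is the open question in the message.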
