[ale] SSH Woes

Bob Toxen transam at verysecurelinux.com
Fri Apr 22 01:46:20 EDT 2005

On Thu, Apr 21, 2005 at 10:43:11AM -0400, Michael B. Trausch wrote:
> Hash: RIPEMD160

> Does anyone here know of issues with 2.6.x.x kernels and long-term SSH
> connections?

> I know that if I SSH into my system with, the connection seems
> to randomly crap out.  If I do so to 2.4.29 or 2.4.30, it doesn't.

> This happens directly on the same subnet, as well as over the Internet
> with nothing between.
It happening on the same subnet rules out braindamaged firewalls.

First, try doing:

  cat /proc/sys/net/ipv4/tcp_keepalive_time

to see what your TCP keepalive time is under each kernel.  If it is much
longer under your 2.6 kernel, try adding:

  # Bob: Shorten for SSH through finicky firewalls (default is 7200 secs):
  echo "Set TCP keepalive time to 180 seconds"
  echo 180 > /proc/sys/net/ipv4/tcp_keepalive_time

to your /etc/rc.d/rc.local file and rebooting.

Please let me know if that is the problem.

> Ideas?

> 	Thanks,
> 	Mike

> - --
> Michael B. Trausch                               <fd0man at gmail.com>
> Website: http://fd0man.chadeux.net/     Jabber: mtrausch at jabber.com
> Phone: +1-(678)-522-7934              FAX (US Only): 1-866-806-4647
> ===================================================================
> Do you have PGP or GPG?  Key at pgp.mit.edu, Please Encrypt E-Mail!

> Version: GnuPG v1.2.1 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

> iD8DBQFCZ7v/PXInbkqM7nwRA2wDAJ4hxlXnTJgOvdRsQ4jtHC3F+PzkvQCdHNfd
> 87MJ4pHXwSxHdFiFBScbyrk=
> =ZA8u

Best regards,

Bob Toxen, CTO
Fly-By-Day Consulting, Inc.
d/b/a Horizon Network Security
"Your expert in Firewalls, Virus and Spam Filters, VPNs,
Network Monitoring, and Network Security consulting"

http://www.verysecurelinux.com       [Network & Linux/Unix Security Consulting]
http://www.realworldlinuxsecurity.com [My 5* book: "Real World Linux Security"]
http://www.verysecurelinux.com/sunset.html                    [Sunset Computer]
bob at verysecurelinux.com (e-mail)

My recent training and talks on Linux security include:
  at IBM's Linux Competency Center in New York City     on Mar.  06   2003
  at the Atlanta SecureWorld Expo in Atlanta            on May   22   2003
  at the Enterprise Linux Forum in Silicon Valley       on June  04   2003
  at Computer Associates' Atlanta Linux Security Summit on Sep.  16   2003
  in New Jersey                                         on Oct. 27-30 2003
  at Southeast Cybercrime Summit in Atlanta             on Mar.   4   2004
  at the FBI's Atlanta headquarters                     on Mar.  10   2004
  in Denver, CO                                         on Apr. 15-16 2004
  in New Jersey                                         on May. 25-26 2004
  at the Atlanta SecureWorld Expo in Atlanta            on May   27   2004
  in Denver, CO                                         on Jul. 12-13 2004
  at Linux World SF signing at Prentice Hall's booth    on Aug.  03   2004
  in Denver, CO                                         on Sep. 27-28 2004
  in Boston, MA                                         on Oct. 11-14 2004
  at Atlanta Unix Users Group                           on Nov.  01   2004
  in New Jersey                                         on Nov. 15-16 2004
  in Denver, CO                                         on 2/28-3/04  This Year

"Real World Linux Security: Intrusion Detection, Prevention, and Recovery"
2nd Ed., Prentice Hall, (C) 2003, 848 pages, ISBN: 0130464562
Also available in Japanese, Chinese, Czech, and Polish.

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

Public key available at http://www.verysecurelinux.com/pubkey.txt, keyservers,
  and on the CD-ROM that comes sealed and attached to Real World Linux Security
pub  1024D/E3A1C540 2000-06-21 Bob Toxen <book at realworldlinuxsecurity.com>
     Key fingerprint = 30BA AA0A 31DD B68B 47C9  601E 96D3 533D E3A1 C540
sub  2048g/03FFCCB9 2000-06-21

More information about the Ale mailing list