SSH keep alive

Nicholas Leippe nick at leippe.com
Mon Feb 23 15:45:04 MST 2009


On Mon Feb 23 2009 13:46:04 Kenneth Burgener wrote:
> Without the keep alive, doesn't the SSH connection automatically
> terminate after so many minutes?  Is the auto terminate a function of a
> NAT router in the path, or is that a client or server option?  I just
> want my connection to stay open indefinitely, so if keep alives are not
> the way to go about, is there a better way?

Depending on what's in the network path between your endpoints, you may or may 
not want keepalive. If there's a nat'ing firewall in between that has 
agressive timeouts, and you get disconnects, what you'd want to do is decrease 
the keepalive interval to keep the nat table entry warm, but increase the max 
attempts by a lot so that ssh doesn't give up easily.

If you find yourself using the same tunnels a lot, I recommend upgrading to a 
more permanent solution--use openvpn in udp mode, and turn off all the 
keepalive stuff in ssh. Then, if the network goes down, as long as you aren't 
actually using the ssh (such that it notices), your connections will stay 
open. If you do have an outage while you're using it, ssh will wait until a 
full tcp timeout (3min) before giving up, w/all the normal tcp retry stuff. So 
if your outage is short your session will still survive.





More information about the PLUG mailing list