"Connection Reset By Peer" on ssh sessions
Dave Johnson
dave-gnhlug at davej.org
Sat Feb 4 11:19:00 EST 2006
Lloyd Kvam writes:
> On Sat, 2006-02-04 at 09:36 -0500, Fred wrote:
> > I've got an annoying problem with the new Verizon Fios service.
> >
> > If I leave an ssh session open and it sits idle for longer than 2-5
> > minutes, it is killed with a "Connection Reset by Peer" error message.
> >
> I've seen this kind of behavior where there is a stateful inspection
> firewall processing packets, though never with a timeout this small.
> When the firewall dropped the connection info from its state tables, any
> subsequent packets would be mangled and unacceptable to the remote end
> which would then close the connection - generating the Connection Reset
> by Peer message at the local end.
>
> I ran tcpdump at both endpoints to document what was happening. The
> firewall managers were unwilling to make any changes.
>
> I do not know if you will be able to get Verizon to do anything to fix
> the problem. At least ssh has a keep-alive feature that should be
> somewhat configurable. Hopefully you can send a keep-alive packet every
> 2 minutes.

Ya, definitely a firewall or NAT device is aging out your connection
from its connection table. It can be this short of a time if the
device is overloaded with connections (such as in a DDoS) or its table
size is simply too small for what traffic is flowing through it and it
needs to throw out old connections to make room for new ones.

Best bet is to use '-oProtocolKeepAlives=90' or
'-oServerAliveInterval=60 -oServerAliveCountMax=3' depending on what
version of openssh you are using.

--
Dave
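
The tcpdump captures mentioned in the thread can also show how long the firewall or NAT device keeps idle state, which is what the keep-alive interval has to beat. The following is an added example, not part of the original posts: it assumes text output in the style of a current `tcpdump -tt -n`, and the sample capture, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (not from the thread): two ssh sessions that each sit
# idle, send one more packet, and are then answered with a RST.
SAMPLE = """\
1139069000.000000 IP 192.0.2.10.50022 > 198.51.100.7.22: Flags [P.], seq 1:49, ack 1, win 229, length 48
1139069000.040000 IP 198.51.100.7.22 > 192.0.2.10.50022: Flags [.], ack 49, win 501, length 0
1139069150.000000 IP 192.0.2.10.50022 > 198.51.100.7.22: Flags [P.], seq 49:97, ack 1, win 229, length 48
1139069150.050000 IP 198.51.100.7.22 > 192.0.2.10.50022: Flags [R], seq 1, win 0, length 0
1139069200.000000 IP 192.0.2.10.50023 > 198.51.100.7.22: Flags [P.], seq 1:49, ack 1, win 229, length 48
1139069200.030000 IP 198.51.100.7.22 > 192.0.2.10.50023: Flags [.], ack 49, win 501, length 0
1139069440.000000 IP 192.0.2.10.50023 > 198.51.100.7.22: Flags [P.], seq 49:97, ack 1, win 229, length 48
1139069440.020000 IP 198.51.100.7.22 > 192.0.2.10.50023: Flags [R], seq 1, win 0, length 0
"""

LINE = re.compile(r"^(\d+\.\d+) IP (\S+) > (\S+): Flags \[([^\]]*)\]")

def idle_gaps_before_reset(text):
    """Return {flow: longest silent gap in seconds} for flows that saw a RST."""
    times = defaultdict(list)  # flow -> packet timestamps in capture order
    reset = set()              # flows on which a RST has been seen
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a TCP line in the expected format
        ts, src, dst, flags = m.groups()
        flow = tuple(sorted((src, dst)))  # same key for both directions
        if flow in reset:
            continue  # ignore anything after the first RST
        times[flow].append(float(ts))
        if "R" in flags:
            reset.add(flow)
    gaps = {}
    for flow in reset:
        t = times[flow]
        if len(t) >= 2:
            gaps[flow] = max(b - a for a, b in zip(t, t[1:]))
    return gaps

def suggest_interval(gaps):
    """Rule of thumb (an assumption): probe at half the shortest gap seen."""
    return int(min(gaps.values()) // 2) if gaps else None
```

The gap measured this way is only an upper bound on the device's idle timeout, so the keep-alive interval should sit comfortably below the shortest one observed.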