Secure Shell
ssh ServerAlive probes Apr 05 2011 03:48PM
Don Tucker (dtucker arlut utexas edu)
Hello,

I am working on an application that needs to be able to rapidly detect a
lost connection between an ssh client and ssh server. I am using ssh to
do local and remote port forwarding, and sending data across the
forwarded ports. I was originally relying upon the TCPKeepAlive probes,
but found that I could not consistently detect a lost detection. Using
the ServerAliveInterval and ServerAliveCountMax options, however, I am
able to consistently detect a lost connection. The problem is, if I am
using a low-bandwidth connection (cellular modem), and I am pushing a
significant amount of data across, it seems that this hinders the
communication between the client and server with the ServerAlive
messages. In other words, when I am actually USING the connection, my
application can mistakenly detect the connection as lost because the
ServerAliveInterval x ServerAliveCountMax is exceeded without a response
from the server. I was surprised at this behavior, since I expected the
ServerAlive probes to only start after data flow between the client and
server machines across that connection had ceased, but perhaps I am
misunderstanding. I do not have much leeway as to how the server is
configured. Can someone recommend a way to be able to both (1) quickly
detect a lost connection [which, seems to require the interval and
countmax be small], but not mistakenly detect the connection as lost
when it is being used?

Thank you for any assistance.

Don

0? *?H?÷
 ?0?1 0 +0? *?H?÷
 ?ê0?y0?a  ? _Æ?ëÒ?#é0
 *?H?÷
0?1 0 UUS10U
U.S. Government1 0
U ECA1"0 U Certification Authorities1>0<U5VeriSign Client External Certification Authority - G20
100527000000Z
130526235959Z0?1 0 UUS10U
U.S. Government1 0
U ECA10U VeriSign, Inc.1*0(U !The University of Texas at Austin10U
Donald Tucker0?"0
 *?H?÷
?0?
?¢?ì¿Þ1ºJd%BØ(Åï0aÁFû§?
tÊ?JàßDÇ39ADÝp¥ýÏ×æ?XwJ~bУónãÙܳ¦Àª¹NcªÜ=¶O¯???/ß`9`<,+}?37!
+¬6Ù{ÿÃÖ|?ý?²~ù?Í8i?¸?Ò¶´
RÊö«°?choùdnHñçÏÐz6y7rîÜ¡?M|TR)¯´?¿d????ý#5g»e?EB{ßaÏT?yù=.Ä«ãç¯
S¥ÆÚùìF±?_ÔUo·¿?óiáz¾!¹ da?>A?;篧Æ3-a¶.k?"ÓÌé»õ£?À0?¼0Q
UJ0H0F D B?@http://eca-client-crl.verisign.com/VeriSignECA2048/Lates
tCRL.crl0Uÿ 0Uõ¶v}?ã÷Sºå´iH??×ç00U#0?
OÂÅڐ"ÝPô!Kür(0#U0dtucker (at) arlut.utexas (dot) edu0 [email concealed]?+t0r0
?+0?3https://eca2048.verisign.com/CA/VeriSignECA2048.cer0/+
0?#http://eca-client-ocsp.verisign.com0RU K0I0G
`?He 0907++https://www.verisign.com/repository/eca/cps0U 00+ 1US0
 *?H?÷
?8îÙ?¨-À?´¼>ÊðÝAH«Hý|Å×µI¦4 x?«]Ðú|ô×®ã_lµS?N uÚ ¶®ß?5¯ó?mæfqw?+<ó¹Q?q1¥?î?°â?Tû4Я??W¯%lâøúÎÎáS?úQ$?ia¤X+
U?éFccÝcµ#G5#H|À¨
Éuï?²SÏ6 Zu¡è¹*H^x¯??º_ÔX4b ¬ñÐ%±ÿåè÷<vÉéVcÈZ?à?þ<oI=~ßý?~>yX3ûYlyènàä#Ù¹O(³ë
^¸DóMßqÔ]ºàè??Ð?ð
ëâ@é?q0?y0?a T@Ó÷æ[\ÄR0
 *?H?÷
0?1 0 UUS10U
U.S. Government1 0
U ECA1"0 U Certification Authorities1>0<U5VeriSign Client External Certification Authority - G20
100527000000Z
130526235959Z0?1 0 UUS10U
U.S. Government1 0
U ECA10U VeriSign, Inc.1*0(U !The University of Texas at Austin10U
Donald Tucker0?"0
 *?H?÷
?0?
?ã£(?pÚP^j?
²Ð???4f#?Ûù?Õ.À¿S2?²RÕ n+Æï5c?|á?Â÷~Nèf?Þ:$8pbIeÔè=u¢î¿?r.=1óJ>=í2?+????pÙ¬§]ê?:t?
qvVê UMf¸`ß-6ÐWXÄG #ZO3Fí»à?æ?Í?Oy2*nfxÄê#­TX0núVFÅ$µÒlßS2KñXÆNßQ!ÒÝuÞ¥.Q ?Ks«Ç;õ?Çù*?»v¯Ü­ðS?ù¾®#.2·QL??w¾Ñ»{xïÌüóï Êk T?j(­tè½Y?¤,ÝR¢õý
£?À0?¼0QUJ0H0F D B?@http://eca-client-crl.verisign.com/VeriSign
ECA2048/LatestCRL.crl0UÿÀ0U÷¬J??T?mO9?qü]" ;ý0
U#0?
OÂÅڐ"ÝPô!Kür(0#U0dtucker (at) arlut.utexas (dot) edu0 [email concealed]?+t0r0
?+0?3https://eca2048.verisign.com/CA/VeriSignECA2048.cer0/+
0?#http://eca-client-ocsp.verisign.com0RU K0I0G
`?He 0907++https://www.verisign.com/repository/eca/cps0U 00+ 1US0
 *?H?÷
?
©ËæçêaD5wnHVØÛ±??-?'u;¥³"%,Ì1OA?`?xͱK4ZLû] ÌQU4?Â0?ÎÔ¬ü?Ç" 
??Á}­?°a?&ì D?©KÒWZ^.Óbw)¸?Á[A*äûµ±R
ð+WÂÄ·bR ´²?cÛ4|lÄÙ"c?ûÙ+y5­ö]???-·?©#sú¸j8ëí?a ?E?}?Ð#¹kºdòò"?¢??
]?½?\ɾǯÌ??I¹Ó??Y\?ùÏ!ÊȾ"¤`ç]ìw¨±õ
?)=pNA'?É6Û."? jö_¿<ú0?ì0?Ô 
0
 *?H?÷
0M1 0 UUS10U
U.S. Government1 0
U ECA10U
ECA Root CA 20
080702144118Z
140701144118Z0?1 0 UUS10U
U.S. Government1 0
U ECA1"0 U Certification Authorities1>0<U5VeriSign Client External Certification Authority - G20?"0
 *?H?÷
?0?
?¼ ?ëò?h
?$8Îæ!x^?`°_Ú
p?bâ?¼??B+&Ê?Ó¨µ??þñþ?ÛT Sº ?I?©t$Næã¡<ßñfc_©#Añ?â?4ssgÌhîz
7_Ô?#Ë?Ä.^ê{>j?-ÒÁ1?¸??ªGvó·^?÷0??q÷|,vsñ~?,ó±©ý­?G??uH#?³¤$°
ª¥?·VEÇ?|±qé
O³#-¿+¹%?a¶!öé?/
oÁ?a?l=¼Ï#?zM0½z©z Zc,/OKL¨ñv@ ?U6·i5éÔ§?ü¯µÙÙ£??0??0Uÿ0ÿ0Uÿ?0-U
&0$¤"0 10UPrivateLabel4-2048-810U
OÂÅڐ"ÝPô!Kür(0U#0?íä?Ð'ÄPæ?:÷Ì÷ë:IüRN!03U ,0*0 
`?He 0 
`?He 0 
`?He 0ÈUÀ0½04 2 0?.http://crl.disa.mil/getcrl?ECA%20Root%20CA%2020?
  ?}ldap://crl.gds.disa.mil/cn%3dECA%20Root%20CA%202%2cou%3dECA%2co%3
dU.S.%20Government%2cc%3dUS?certificateRevocationList;binary0î+
á0Þ0?+0?3http://crl.disa.mil/getIssuedTo?ECA%20Root%20CA%202
0?+0?ldap://crl.gds.disa.mil/cn%3dECA%20Root%20CA%202%2cou%3d
ECA%2co%3dU.S.%20Government%2cc%3dUS?cACertificate;binary,crossCertifica
tePair;binary0
 *?H?÷
?²^@Î dG<?ajzq?&)£?k¢ÀÆl7lõâÎæÖ«à,EÜ(?_ij?/&?Qk6Ã` ¿¼?ß?Íâ?t?w×SÉ!VÕyÀIàO×6¯¸cB?X?èé?!¼ ÆƬ?æ ©??©ý/Õ*1ÕÎoâ
}Ì*êÈèHHبLå"?'K|z?u?)?wƯ\??Ê<?ÐVu??îï4½»BÂÕwl~j0&× ?%<×²?ÿ¾íÒÿ
Ôàý1Êس-G°
!`?o?kêCñ%H?hBP}´Êû#_^|?{'cl/e0ÊG?>ƾ)ÃûOÿ¼=þìêa1?0?0®0?
1 0 UUS10U
U.S. Government1 0
U ECA1"0 U Certification Authorities1>0<U5VeriSign Client External Certification Authority - G2T@Ó÷æ[\ÄR0 + ?D0 *?H?÷
 1  *?H?÷
0 *?H?÷
 1
110405154844Z0# *?H?÷
 13úu"Âý×,LË¥?-?m.0_ *?H?÷
 1R0P0  `?He0
*?H?÷
0*?H?÷
?0
*?H?÷
@0+0
*?H?÷
(0¿ +?71±0®0?1 0 UUS10U
U.S. Government1 0
U ECA1"0 U Certification Authorities1>0<U5VeriSign Client External Certification Authority - G2 ? _Æ?ëÒ?#é0Á *?H?÷
  1± ®0?1 0 UUS10U
U.S. Government1 0
U ECA1"0 U Certification Authorities1>0<U5VeriSign Client External Certification Authority - G2 ? _Æ?ëÒ?#é0
 *?H?÷
? û»&¶Y>iÊpz$øýãj'&,`éÃ?Åà däãEWÔÝd@§ó.±Ñ`FÂ??HÒÀa"àÉ~¦QõrsR<??«(@J:3ÁKîÎeÅ=ÊÃ3D.´bõÕ[aF¬
|78.Ráõ'
2Ûï"ðIJÝ?.ÅHÔt??[ò볯:L%r?Tú%Ñi?vODÒ: ¿xåªÎåÅI{É°m¸ÒfmbëÃE?´ýâ¶QÅkw?OáÏãc^þí?¥üaKÊ·Ù?I22õ!øIimtû¦I]P{
ÈiÁeÎ?-¼fëyEȪx2t3ìÉÆç¯
<??

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus