[wellylug] ssh problem

[Mark Signal]

Further info...
it appears that when the client connects with -N (Do not execute a 
remote command - which is neccesary as client account have no shell) - 
then  ClientAliveInterval does not work.

 Is there a shell that I can allocate users that allows them to do 
nothing other than logon?

Mark Signal wrote:

> Hi
>
> I have a couple of debian servers that clients ssh into and setup port 
> forwarding. Every now and then a client connection drops but the 
> connection stays alive on the server and while it doesnt stop the user 
> reconnecting it does screw the port forwarding up because the initial 
> connection seems to "hold on"  to the  forwarded ports.
>
> To try and fix this I set ClientAliveInterval 60 and 
> ClientAliveCountMax 5 in sshd_config as the man page implies that this 
> fixes the problem:
>
> ClientAliveCountMax
>             Sets the number of client alive messages (see above) which 
> may be
>             sent without sshd receiving any messages back from the 
> client.
>             If this threshold is reached while client alive messages are
>             being sent, sshd will disconnect the client, terminating 
> the ses­
>             sion.  It is important to note that the use of client 
> alive mes­
>             sages is very different from TCPKeepAlive (below).  The 
> client
>             alive messages are sent through the encrypted channel and 
> there­
>             fore will not be spoofable.  The TCP keepalive option 
> enabled by
>             TCPKeepAlive is spoofable.  The client alive mechanism is 
> valu­
>             able when the client or server depend on knowing when a 
> connec­
>             tion has become inactive.
>
> The problem still occurs - has anyone got any ideas where else I could 
> look to resolve this problem?
>
> regards
>
>
>
> Mark Signal
>
>
>
>
>


-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.8.4 - Release Date: 1/02/2005