[wellylug] ssh problem
Geraint Jones
g.jones at french-maid.co.nz
Thu Feb 3 11:51:58 NZDT 2005
You could try and set their default shell to /bin/echo but I have no
idea if it would actually work.
Geraint
-----Original Message-----
From: wellylug-admin at lists.wellylug.org.nz
[mailto:wellylug-admin at lists.wellylug.org.nz] On Behalf Of Mark Signal
Sent: Thursday, February 03, 2005 11:21 AM
To: wellylug at lists.wellylug.org.nz
Subject: Re: [wellylug] ssh problem
Further info...
It appears that when the client connects with -N (Do not execute a
remote command - which is necessary as client accounts have no shell) -
then ClientAliveInterval does not work.
Is there a shell that I can allocate users that allows them to do
nothing other than log on?
Mark Signal wrote:
> Hi
>
> I have a couple of debian servers that clients ssh into and set up port
> forwarding. Every now and then a client connection drops but the
> connection stays alive on the server and while it doesn't stop the user
> reconnecting it does screw the port forwarding up because the initial
> connection seems to "hold on" to the forwarded ports.
>
> To try and fix this I set ClientAliveInterval 60 and
> ClientAliveCountMax 5 in sshd_config as the man page implies that this
> fixes the problem:
>
> ClientAliveCountMax
>     Sets the number of client alive messages (see above) which may be
>     sent without sshd receiving any messages back from the client.
>     If this threshold is reached while client alive messages are
>     being sent, sshd will disconnect the client, terminating the
>     session. It is important to note that the use of client alive
>     messages is very different from TCPKeepAlive (below). The client
>     alive messages are sent through the encrypted channel and
>     therefore will not be spoofable. The TCP keepalive option enabled
>     by TCPKeepAlive is spoofable. The client alive mechanism is
>     valuable when the client or server depend on knowing when a
>     connection has become inactive.
>
> The problem still occurs - has anyone got any ideas where else I could
> look to resolve this problem?
>
> regards
>
>
>
> Mark Signal
>
>
>
>
>
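As an added example (not part of the original thread and not OpenSSH code), this Python script reads an sshd_config and works out how long sshd waits before dropping a silent client with the values Mark quotes (60 and 5). The sample config and the `tunnel` account name are constructed; the parser assumes plain integer values and reads only the global section before the first Match block.

```python
# Added example: dead-client timeout implied by the ClientAlive* settings.
# SAMPLE_CONFIG is constructed; "tunnel" is a hypothetical account name.
SAMPLE_CONFIG = """\
# values quoted in the thread
ClientAliveInterval 60
ClientAliveCountMax 5
# a later duplicate is ignored: sshd uses the first value it obtains
ClientAliveInterval 0
Match User tunnel
    ClientAliveInterval 15
"""

# sshd_config(5) defaults: interval 0 (probes disabled), count max 3
DEFAULTS = {"clientaliveinterval": 0, "clientalivecountmax": 3}


def global_settings(text):
    """Return the global ClientAlive* values, first occurrence winning."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        keyword = fields[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # everything after this line is conditional, not global
        if keyword in DEFAULTS and keyword not in seen and len(fields) == 2:
            seen[keyword] = int(fields[1])  # assumption: plain integers only
    return {**DEFAULTS, **seen}


def dead_client_timeout(text):
    """Seconds until sshd drops a silent client, or None if probes are off."""
    cfg = global_settings(text)
    interval = cfg["clientaliveinterval"]
    if interval <= 0:
        return None
    return interval * cfg["clientalivecountmax"]


if __name__ == "__main__":
    print(dead_client_timeout(SAMPLE_CONFIG))
```

On a live server, `sshd -T` prints the effective values, which is the authoritative check.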