[ale] SSH Woes

Bob Toxen transam at verysecurelinux.com
Mon Apr 25 13:13:57 EDT 2005


On Fri, Apr 22, 2005 at 05:01:06PM -0400, Jim Popovitch wrote:
> On Fri, 2005-04-22 at 01:37 -0400, Bob Toxen wrote:
> >
> > First, try doing:
> > 
> >   cat /proc/sys/net/ipv4/tcp_keepalive_time
> > 
> > to see what your TCP keepalive time is under each kernel.  If it is much
> > longer under your 2.6 kernel, try adding:
> > 
> >   # Bob: Shorten for SSH through finicky firewalls (default is 7200 secs):
> >   echo "Set TCP keepalive time to 180 seconds"
> >   echo 180 > /proc/sys/net/ipv4/tcp_keepalive_time
> > 
> > to your /etc/rc.d/rc.local file and rebooting.
> > 
> > Please let me know if that is the problem.

> Hey, thanks Bob.  I don't know if this helped Michael, but it sure
> helped me.  I've been noticing all sorts of dropped connections (SSH,
> AIM Chats, Xwin, etc) from home that I don't see at other locations.
> Shortening my keepalive eliminated the problems.  This certainly has
> something to do with my Linksys AP.  What is the reasoning behind
> dropping so low to 180 (from 7200)?  Can their be any side affects? 
I dropped it that low because a client's junk firewall has such a low
timeout.  Besides, a pair of packets every 180 seconds is a trivial
load.

> -Jim P.
Bob



More information about the Ale mailing list