Timeout dead connections

Matt Johnston matt at ucc.asn.au
Thu Mar 28 19:24:55 WST 2013


I think that -K on the server should be enough. On the
server can you run "tcpdump -i eth0 -w cap1.cap port 22",
get a ssh session going, pull out the cable, wait 10
minutes, then send me the capture?

Could you also check that the Dropbear process for the
connection is still running after the connection should have
been finished. It's possible that the process is exiting but
the session cleanup code isn't working correctly. The whole
debug log might give me an idea what's going on.

Cheers,
Matt

On Thu, Mar 28, 2013 at 09:56:02AM +0100, Mattias Walström wrote:
> Thanks for your responses, all your suggestions imply that you should do something
> in the client (set keepalive on client end), but shouldn't the server itself be able to
> decide if a client is dead (can't OpenSSH do this?).
> 
> If I do the -K 15 -I 20 on the server end only, this will close the connection when
> the OpenSSH client has not sent any characters in 20s. I expected the keepalive to be
> two way, that the server got responses on these packages as well, is that not the case?
> 
> Regards
>  Mattias

> >>On Wed, Mar 27, 2013 at 11:24 AM, Mattias Walström <
> >>mattias.walstrom at westermo.se> wrote:
> >>
> >>>Hi!
> >>>I am running dropbear 2013.56, connecting to the server with a PC but
> >>>not performing a clean close (I pulled my ethernet cable), this caused
> >>>dropbear to never drop its connection.
> >>>
> >>>Looking at the utmp entries, I could see that the connection never got
> >>>dropped,
> >>>the utmp entries was kept forever, and running with debug indicates that
> >>>also.
> >>>  Tried to use -K to send keepalive, but it just keeps sending keepalives
> >>>to the peer,
> >>>even it is no longer there, and not possible to reach. Shouldn't
> >>>the connection be dropped if the keepalive does not reach its destination?
> >>>
> >>>I know there is the -I option, but that does not really do what I want,
> >>>I want the connection to be tear down when the peer is unreachable, not
> >>>when the user has been idle for a while.
> >>>
> >>>Regards
> >>>  Mattias
> >>>
> 


More information about the Dropbear mailing list