Getting dbclient to time out when network goes down with reverse proxy usage

Jesse Molina jesse at opendreams.net
Sat Jul 5 08:14:15 WST 2014


Fabrizio Bertocci contacted me and let me know that this seems to be a 
known issue.

https://www.mail-archive.com/[email protected]/msg00701.html

https://www.mail-archive.com/[email protected]/msg00980.html



The work I am doing is on an OpenWRT device with 8MB of flash, so local 
space is very limited. I had to install the OpenSSL client yesterday, 
which took up nearly an additional 2MB of space, but at least it works. 
It would be nice to use dbclient instead, but it's idle timer is just 
straight-up broken when used with -N -R.

This works as expected with OpenSSL client:

ssh -i $SSH_KEYFILE -o "ServerAliveInterval=15" -o 
"ServerAliveCountMax=4" -N -R $SSH_PROXY_PORT:localhost:22 
$SSH_USER@$SSH_HOST



On 7/4/14, 3:57, Jesse Molina wrote:
>
> Hello
>
> I am doing this:
>
> ssh -K 3 -I 60 -i keyfile -N -R 2222:localhost:22 user at host
>
> I am intending a dropbear ssh client to set up a reverse proxy 
> connection to a server, so I am using -N and -R.
>
> I am also using -K and -I so that the connection sends keepalives and 
> will timeout if the network is disrupted.
>
> My problem is that the above results in the session dying 60 seconds 
> after setup is finished because the idle timeout is being hit.  I am 
> not sure how -I is metering inbound traffic, but it's apparently not 
> picking up anything.
>
> Note that I have "ClientAliveInterval 15" set on the sshd_config 
> server side. I would expect dropbear to count this traffic towards -I.
>
> Without -I above, it took my device 18 minutes to figure out that I 
> had pulled the network out from under it by shutting down the 
> interface. That isn't acceptable.
>
> Can dropbear do this, or do I need to use openssh?  I get the feeling 
> after reading what I have read that dropbear is too simple to figure 
> out when the server has gone away in most situations.
>
>
>
> Relevant:
>
> https://www.mail-archive.com/[email protected]/msg00978.html
>
> https://www.mail-archive.com/[email protected]/msg00648.html
>
> https://www.mail-archive.com/[email protected]/msg00402.html
>
> Thanks in advance.



More information about the Dropbear mailing list