Another question about tunnelling

Jamie Lokier jamie at shareable.org
Wed Sep 20 09:17:35 WST 2006


Matt Johnston wrote:
> > To stop it from terminating, I have to send something:
> > 
> >     (while :; do sleep 20; echo keepalive; done) | \
> >         dbclient -T -i $HOME/.ssh/id_rsa.db -R 10000:127.0.0.1:23 user@host \
> >             'while :; do sleep 20; echo keepalive; done'
> > 
> > As the sole purpose of the dbclient command in this case is to set up
> > a tunnel, is there an easier way to do this than all the extra input?
> > 
> > In other words, is there a way to enable keepalive messages without
> > having to pipe something in, perhaps like OpenSSH's ClientAlive
> > options?
> 
> There's nothing there currently, though I might add
> something like that in a future version.

Thanks for the reply!

For reference, I noticed something interesting in the behaviour of
keepalives recently.

I had a number of little devices running dbclient, connecting to a
server running OpenSSH, doing this:

    dbclient -T -i $HOME/.ssh/id_rsa.db -R 10000:127.0.0.1:23 user@host \
       'while :; do sleep 20; echo keepalive; done'

(Note: No input to dbclient, just responses from the server).

Those terminate after 2 minutes if there's no traffic over the tunnel.
(Conveniently, when there's tunnel traffic, they don't terminate).

However, they were connecting over an IP NAT.  At some time, it
appears the NAT state was reset, so packets from the server could no
longer get to the clients.

I found (to my surprise) that the clients didn't terminate after this
happened.  They kept running, with no traffic.

This indicates that the 2 minute timeout is not internal to dbclient,
but is caused by the OpenSSH server terminating the connection after
lack of incoming traffic.  But I couldn't find anything in the OpenSSH
server config to configure that 2 minutes.  Curious.

-- Jamie
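
Added example, not part of the original post and not Dropbear code: because the client in the NAT case above never noticed the dead path, a wrapper can watch for the server's `keepalive` lines itself and kill the client when they stop, so that it can be restarted. The helper name `supervise_once`, the 60-second limit and the restart loop are assumptions, as is the client running without input as in the post; a stall is detected after between one and two timeout periods.

```shell
#!/bin/sh
# supervise_once TIMEOUT CMD [ARGS...]   (hypothetical helper, POSIX sh)
# Runs CMD and treats every line it prints as a keepalive from the server.
# Returns 0 if CMD ended by itself, 1 if it went silent and was killed.
supervise_once() {
    timeout=$1; shift
    dir=$(mktemp -d) || return 2
    mkfifo "$dir/out" || return 2
    echo 0 > "$dir/count"

    "$@" > "$dir/out" &                 # e.g. the dbclient tunnel command
    child=$!

    # Watchdog: when the line counter has not moved for a whole TIMEOUT,
    # presume the path is dead (e.g. NAT state lost) and kill the client.
    (
        seen=0
        while sleep "$timeout"; do
            now=$(cat "$dir/count" 2>/dev/null)
            if [ "$now" = "$seen" ]; then
                : > "$dir/stalled"
                kill "$child" 2>/dev/null
                exit 0
            fi
            seen=$now
        done
    ) &
    watchdog=$!

    n=0
    while IFS= read -r line; do         # one line per server keepalive
        n=$((n + 1)); echo "$n" > "$dir/count"
    done < "$dir/out"                   # ends when the client exits or is killed

    kill "$watchdog" 2>/dev/null || :
    wait "$child" 2>/dev/null || :
    if [ -e "$dir/stalled" ]; then rc=1; else rc=0; fi
    rm -rf "$dir"
    return "$rc"
}

# Intended use on a device, with the command from the post (60 s is assumed):
# while :; do
#     supervise_once 60 dbclient -T -i "$HOME/.ssh/id_rsa.db" \
#         -R 10000:127.0.0.1:23 user@host \
#         'while :; do sleep 20; echo keepalive; done'
#     sleep 5                           # brief pause before reconnecting
# done
```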


