Detect dropped connections
Dan O'Donovan
dan at emutex.com
Wed Jul 7 17:42:11 WST 2010
Hi Johan
We are using dropbear in a similar way to yourself.
You're correct that the -K option should prevent the server and the routers
in between from closing the connection.
I tried using the -I option in the same way that you did but it didn't work
for me. I suspect that the keep-alives sent with the -K actually prevent
the link from ever appearing as "idle", although I'm not entirely sure.
We decided to use 'autossh' to launch 'dbclient' and monitor the connection
by sending its own link test messages. See:
http://www.harding.motd.ca/autossh/
That works well for us. However, we still had one issue. If dbclient
failed to set up the reverse tcp forward, it wouldn't exit with an error so
autossh would never know.
So I made the following minor code change (perhaps this could be considered
for a future release of dropbear?):
--- dropbear-0.52_orig/cli-tcpfwd.c 2008-11-11 14:09:02.000000000 +0000
+++ dropbear-0.52_new/cli-tcpfwd.c 2010-06-30 16:05:17.000000000 +0000
@@ -172,8 +172,16 @@
if (!iter->have_reply)
{
iter->have_reply = 1;
- dropbear_log(LOG_WARNING, "Remote TCP forward
request failed (port %d -> %s:%d)", iter->listenport, iter->connectaddr,
iter->connectport);
- return;
+
+ if (cli_opts.no_cmd)
+ {
+ dropbear_exit("Remote TCP forward request failed (port %d
-> %s:%d)", iter->listenport, iter->connectaddr, iter->connectport);
+ }
+ else
+ {
+ dropbear_log(LOG_WARNING, "Remote TCP forward request
failed (port %d -> %s:%d)", iter->listenport, iter->connectaddr,
iter->connectport);
+ return;
+ }
}
iter = iter->next;
}
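Review bot: The new `if (cli_opts.no_cmd)` branch makes a failed remote forward fatal as a side effect of an unrelated option, so a session started without a command and with several remote forwards is torn down by `dropbear_exit` as soon as any one request is refused, even if the others were accepted. A dedicated option for exit-on-forward-failure, or at least a note wherever `no_cmd` is documented, would make the behaviour explicit. The format string and its three arguments are also duplicated in both branches; building the message once and then choosing between `dropbear_exit` and `dropbear_log` would keep the two from drifting apart.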
We run dbclient with the -N option, so I tied the above behaviour to that.
dbclient will exit if the -N option is set and a remote tcp forward request
fails. Subsequently, autossh will restart dbclient again. This does the
trick for us.
Hope this helps.
Best regards,
-Dan
-----Original Message-----
From: dropbear-bounces at ucc.asn.au [mailto:dropbear-bounces at ucc.asn.au] On
Behalf Of Johan Ribenfors
Sent: 06 July 2010 14:30
To: dropbear at ucc.asn.au
Subject: Detect dropped connections
Hi,
We have upwards of 70 embedded pcs running linux, and are trying to use
dropbear to set up ssh tunnels to our server.
This is so we don't have to worry about dynamic ips, router configuration,
mesh networks or any other of the strange setups we've encountered.
The command we are using is:
dbclient -R <remoteport>:localhost:<localport> -I 60 -K 30 -g -T -N -f -i
<key> <user>@<host>
If I've got the arguments correct, the -I should cause dbclient to exit if
it doesn't receive any keep alive packets from the server within 60 seconds.
The -K should cause dbclient to send a packet every 30 seconds to prevent
routers etc from closing the connection.
Generally, this seems to work. However, we occasionally get a situation
where the server has stopped listening on the relevant port, and dbclient
hasn't detected this and exited.
Have I misunderstood the arguments, or missed a setting?
This is Dropbear client v0.52
Thanks in advance.
- Johan
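
A minimal restart loop in the spirit of the autossh arrangement described in the reply above, as an added example that is not part of the original thread, autossh or dropbear. It covers only the restart-on-exit half (no link test messages) and assumes the client runs in the foreground and exits non-zero when the tunnel or the remote forward fails; the names supervise_tunnel, MAX_FAILS, BASE_DELAY, MAX_DELAY, STABLE_SECS and SLEEP_CMD are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): restart a foreground tunnel client on exit.
# All names below are hypothetical.
MAX_FAILS=${MAX_FAILS:-5}        # give up after this many failures in a row
BASE_DELAY=${BASE_DELAY:-2}      # first retry delay, seconds
MAX_DELAY=${MAX_DELAY:-60}       # cap for the exponential backoff
STABLE_SECS=${STABLE_SECS:-300}  # a run this long resets the failure count
SLEEP_CMD=${SLEEP_CMD:-sleep}    # overridable so the loop can be tested quickly

# supervise_tunnel CMD [ARGS...]
# Returns 0 when CMD exits 0, 1 after MAX_FAILS consecutive short-lived failures.
supervise_tunnel() {
    fails=0
    delay=$BASE_DELAY
    while :; do
        start=$(date +%s)
        if "$@"; then
            return 0                      # clean exit: stop supervising
        else
            status=$?
        fi
        ran=$(( $(date +%s) - start ))
        if [ "$ran" -ge "$STABLE_SECS" ]; then
            fails=0                       # tunnel was up for a while: start over
            delay=$BASE_DELAY
        fi
        fails=$((fails + 1))
        echo "tunnel exited with status $status after ${ran}s ($fails/$MAX_FAILS)" >&2
        if [ "$fails" -ge "$MAX_FAILS" ]; then
            return 1                      # persistent failure: let the caller alert
        fi
        "$SLEEP_CMD" "$delay"
        delay=$((delay * 2))
        if [ "$delay" -gt "$MAX_DELAY" ]; then
            delay=$MAX_DELAY
        fi
    done
}

# Usage with the command from the thread, minus -f, which backgrounds dbclient
# and would leave nothing for the loop to wait on:
#   supervise_tunnel dbclient -R <remoteport>:localhost:<localport> -I 60 -K 30 \
#       -g -T -N -i <key> <user>@<host>
```

Returning 1 after repeated quick failures, instead of retrying forever, gives a calling init script a point at which to log or alert on a tunnel that never comes up.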