Detect dropped connections
Johan Ribenfors
johan at dicam.org.uk
Wed Jul 21 21:47:10 WST 2010
Johan Ribenfors <johan <at> dicam.org.uk> writes:
>
> Hi,
>
> We have upwards of 70 embedded pcs running linux, and are trying to use
> dropbear to set up ssh tunnels to our server.
>
> This is so we don't have to worry about dynamic ips, router configuration,
> mesh networks or any other of the strange setups we've encountered.
>
> The command we are using is:
>
> dbclient -R <remoteport>:localhost:<localport> -I 60 -K 30 -g -T -N -f -i <key> <user>@<host>
>
> If I've got the arguments correct, the -I should cause dbclient to exit if
> it doesn't receive any keep alive packets from the server within 60
> seconds.
>
> The -K should cause dbclient to send a packet every 30 seconds to prevent
> routers etc from closing the connection.
>
> Generally, this seems to work. However, we occasionally get a situation
> where the server has stopped listening on the relevant port, and dbclient
> hasn't detected this and exited.
>
> Have I misunderstood the arguments, or missed a setting?
>
> This is Dropbear client v0.52
>
> Thanks in advance.
>
> - Johan
>
>
Hi,
I thought it was time I posted our solution.
Farrell Aultman suggested a patch by Ahilan
(http://comments.gmane.org/gmane.network.ssh.dropbear/936)
This compiled and ran fine - but didn't solve the problem. The server
(OpenSSH) would still drop the occasional connection and dropbear wouldn't
notice. I might be using it incorrectly, (I hope I am) but don't think so.
Just to make it difficult, when testing dropping the connection on the server -
with -A or -I - dropbear _always_ notices.
We ended up with a workaround, rather than a proper solution.
The server knows what connections should be open, and maintains a list of the
ones that aren't.
Each site (embedded pc) has a cronjob that runs every minute and queries the
server for the currently _inactive_ connections. It then restarts those
connections locally.
Worst case, a tunnel is down for a minute.
I have a feeling someone else has posted this approach in the mailing lists
already. It felt clunky when I read it then, and feels clunky now. But much
as I'd like a proper solution, this one works.
- Johan
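
The per-site cron check described in the message above, as an added example (not the poster's script and not Dropbear code). The list URL, key path, account and port values are assumptions, and the server is assumed to publish the inactive remote ports one per line.

```sh
#!/bin/sh
# Added example: cron watchdog for one site's dbclient reverse tunnel.
# Assumed cron entry (hypothetical path):
#   * * * * * /usr/local/bin/tunnel-watchdog.sh run
# Every value below is a constructed placeholder, not taken from the post.
SITE_PORT="${SITE_PORT:-20022}"    # remote port this site forwards
LOCAL_PORT="${LOCAL_PORT:-22}"     # local service behind the tunnel
LIST_URL="${LIST_URL:-https://server.example/inactive.txt}"  # assumed endpoint
KEY="${KEY:-/etc/dropbear/tunnel_key}"
TARGET="${TARGET:-tunnel@server.example}"

# Succeed if port $1 is a whole line of the list on stdin.
# Lines that are not purely digits are skipped, so the response is only
# ever compared as data and never expanded or executed.
port_is_inactive() {
    want="$1"
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|*[!0-9]*) continue ;;
        esac
        [ "$line" = "$want" ] && return 0
    done
    return 1
}

# Stop the stale client for this forward, then start a new one with the
# same flags as the command in the original post.
restart_tunnel() {
    pkill -f "dbclient -R ${SITE_PORT}:localhost:" 2>/dev/null || true
    dbclient -R "${SITE_PORT}:localhost:${LOCAL_PORT}" -I 60 -K 30 \
        -g -T -N -f -i "$KEY" "$TARGET"
}

if [ "${1:-}" = "run" ]; then
    # If the server cannot be reached, leave the existing tunnel alone.
    list=$(wget -q -T 10 -O - "$LIST_URL") || exit 0
    if printf '%s\n' "$list" | port_is_inactive "$SITE_PORT"; then
        restart_tunnel
    fi
fi
```

Matching on whole numeric lines means a truncated or malformed response cannot trigger a restart for the wrong port.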