Getting dbclient to time out when network goes down with reverse proxy usage

Matt Johnston matt at
Wed Jul 9 00:21:52 WST 2014

On Fri, Jul 04, 2014 at 03:57:09AM -0700, Jesse Molina wrote:
> Note that I have "ClientAliveInterval 15" set on the sshd_config
> server side. I would expect dropbear to count this traffic towards
> -I.
> Without -I above, it took my device 18 minutes to figure out that I
> had pulled the network out from under it by shutting down the
> interface. That isn't acceptable.
> Can dropbear do this, or do I need to use openssh?  I get the
> feeling after reading what I have read that dropbear is too simple
> to figure out when the server has gone away in most situations.

I've now made "-K" do the same as OpenSSH's
ServerAliveInterval/ClientAliveInterval. CountMax is
hardcoded to 3 in options.h - I don't think that needs to be
a runtime setting. I've only given it brief testing, it
might need some more attention to cases such as clients
being suspended (laptop lid shuts).

I don't _think_ anyone really desired the old -K behaviour
of sending keepalives but not caring about the response - it
can still be used to keep a NAT session open, and if you've
gone that long without a response then the session is
probably dead anyway. Someone please correct me if I'm

-I deliberately ignores keepalive traffic to avoid bad
interactions. I think that's desirable.

For reference the issue Fabrizio had with OpenSSH
ClientAliveInterval looks like it was fixed in OpenSSH 4.9
I've also made Dropbear send a SSH_MSG_REQUEST_FAILURE
response as suggested in Ahilan's reply - better late than


More information about the Dropbear mailing list