[ale] SSH Woes
Bob Toxen
transam at verysecurelinux.com
Mon Apr 25 13:13:57 EDT 2005
On Fri, Apr 22, 2005 at 05:01:06PM -0400, Jim Popovitch wrote:
> On Fri, 2005-04-22 at 01:37 -0400, Bob Toxen wrote:
> >
> > First, try doing:
> >
> > cat /proc/sys/net/ipv4/tcp_keepalive_time
> >
> > to see what your TCP keepalive time is under each kernel. If it is much
> > longer under your 2.6 kernel, try adding:
> >
> > # Bob: Shorten for SSH through finicky firewalls (default is 7200 secs):
> > echo "Set TCP keepalive time to 180 seconds"
> > echo 180 > /proc/sys/net/ipv4/tcp_keepalive_time
> >
> > to your /etc/rc.d/rc.local file and rebooting.
> >
> > Please let me know if that is the problem.
> Hey, thanks Bob. I don't know if this helped Michael, but it sure
> helped me. I've been noticing all sorts of dropped connections (SSH,
> AIM Chats, Xwin, etc) from home that I don't see at other locations.
> Shortening my keepalive eliminated the problems. This certainly has
> something to do with my Linksys AP. What is the reasoning behind
> dropping so low to 180 (from 7200)? Can their be any side affects?
I dropped it that low because a client's junk firewall has such a low
timeout. Besides, a pair of packets every 180 seconds is a trivial
load.
> -Jim P.
Bob
More information about the Ale
mailing list