Keeping alive a SSH connection or in my case a multi-hop ssh tunnel to prevent timeout

A few months ago I wrote an article on how to create a multi-hop SSH tunnel between 3 machines

Since then I have been using this a lot for one of the projects I'm working on but I was annoyed that whenever the connection went idle for more than 2 minutes (like if I was reading an article or answering an email) the connection will be dropped abruptly and I will have to start it all over again...

After playing a bit with SSH options and reading ssh man I finally found my salvation, that is the -o flag with 2 options :

Specifies whether the system should send TCP keepalive messages to the other side. If they are sent, death of the connection or crash of one of the machines will be properly noticed. However, this means that connections will die if the route is down temporarily, and some people find it annoying. On the other hand,if TCP keepalives are not sent, sessions may hang indefinitely on he server, leaving host users and consuming server resources. The default is "yes" (to send TCP keepalive messages), and the server will notice if the network goes down or the client host crashes. This avoids infinitely hanging sessions. To disable TCP keepalive messages, the value should be set to "no".
Sets a timeout interval in seconds after which if no data has been received from the server, ssh will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server. This option applies to protocol version 2 only.

Below is the line of code that I use to create my multi-hop SSH tunnel and to prevent it from getting disconnected when idle :

ssh -o TCPKeepAlive=no -o ServerAliveInterval=15 -v -L38080:localhost:38080 ufasoli@host1 -t ssh -o TCPKeepAlive=no -o ServerAliveInterval=15 -v -L38080:localhost:38080 ufasoli@host2 -t ssh -o TCPKeepAlive=no -o ServerAliveInterval=15 -v -L38080:localhost:8080 ufasoli@host3

Here I'm disabling the TCPKeepAlive option on all the SSH chained connections and sending a message through the tunnel every 15 seconds to keep the data flowing

Please note that disabling the TCPKeepAlive option might be frowned upon by your IT Linux Guru / System administrator since as stated in the manual can keep alive dead connections (like if you forget to close your connection) so be careful when using these options and do not forget to properly close your SSH connection / tunnel. Also as I always say, I'm no Linux Guru so I'm not aware of the possible side-effects of this options so use them at your own risk !

No comments:

Post a Comment

OSX show used ports or listening applications with their PID

On OSX you can display applications listening on a given port using the lsof the commands described below will show listening application...