| View previous topic :: View next topic |
| Author |
Message |
smg
Veteran
Joined: 13 Aug 2004
Posts: 1402
Location: /home/stephan
|
 Posted: Wed Feb 08, 2006 5:34 pm Post subject: SSH Connection reseted by PEER? |
 |
|
Hi!
Seitdem ich mein Openssl updated habe, wird meine Connection reseted by Peer über SSH wenn ich so ca. 2-3 mins keine aktivität habe.
Ist das normal? Wenn ja wo kann man den Müll ausschalten?
Bye.
_________________
GnuPG-Key-ID: 0xF8C275D4
Fingerprint: 5B6F 134A 189B A24D 342B 0961 8D4B 0230 F8C2 75D4
| Code: | | perl -WTe '($")=$/;print qq(@{[reverse('0'..'100')]}$/BOOM!$/);' |
|
|
| Back to top |
|
 |
think4urs11
Bodhisattva
Joined: 25 Jun 2003
Posts: 6659
Location: above the cloud
|
| Posted: Wed Feb 08, 2006 6:17 pm Post subject: |
|
|
Sollte eigentlich unabhängig voneinander sein - SSH hat erstmal nix mit SSL zu tun.
Welche Versionen hast du denn?
emerge -evp openssl openssh
grep live /etc/ssh/sshd_config
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself |
|
| Back to top |
|
|
smg
Veteran
Joined: 13 Aug 2004
Posts: 1402
Location: /home/stephan
|
| Posted: Wed Feb 08, 2006 6:21 pm Post subject: |
|
|
stephan stephan # emerge -pv openssl openssh
These are the packages that I would merge, in order:
Calculating dependencies ...done!
[ebuild R ] dev-libs/openssl-0.9.7i -bindist -emacs -test +zlib 0 kB
[ebuild R ] net-misc/openssh-4.2_p1-r1 -X509 -chroot -hpn +ipv6 -kerberos +ldap* -libedit +pam (-selinux) -sftplogging -skey -smartcard -static +tcpd 58 kB
TCPKeepAlive yes
#ClientAliveInterval 0
ClientAliveInterval 180
#ClientAliveCountMax 3
_________________
GnuPG-Key-ID: 0xF8C275D4
Fingerprint: 5B6F 134A 189B A24D 342B 0961 8D4B 0230 F8C2 75D4
| Code: | | perl -WTe '($")=$/;print qq(@{[reverse('0'..'100')]}$/BOOM!$/);' |
|
|
| Back to top |
|
|
think4urs11
Bodhisattva
Joined: 25 Jun 2003
Posts: 6659
Location: above the cloud
|
| Posted: Wed Feb 08, 2006 6:46 pm Post subject: |
|
|
Ist da ein NAT-Host im Spiel zwischen Server und Client?
setz mal auf dem Client /proc/sys/net/ipv4/tcp_keepalive_time auf einen Wert um die 120 Sekunden (sollte 7200 per default sein)
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself |
|
| Back to top |
|
|
smg
Veteran
Joined: 13 Aug 2004
Posts: 1402
Location: /home/stephan
|
| Posted: Wed Feb 08, 2006 6:56 pm Post subject: |
|
|
| Think4UrS11 wrote: | Ist da ein NAT-Host im Spiel zwischen Server und Client?
setz mal auf dem Client /proc/sys/net/ipv4/tcp_keepalive_time auf einen Wert um die 120 Sekunden (sollte 7200 per default sein) |
Ja.. Ich habe hier einen Netgear Router.. Der ist zwischen Server und Homepc..
Also einfach das höher setzen?
Bye.
_________________
GnuPG-Key-ID: 0xF8C275D4
Fingerprint: 5B6F 134A 189B A24D 342B 0961 8D4B 0230 F8C2 75D4
| Code: | | perl -WTe '($")=$/;print qq(@{[reverse('0'..'100')]}$/BOOM!$/);' |
|
|
| Back to top |
|
|
think4urs11
Bodhisattva
Joined: 25 Jun 2003
Posts: 6659
Location: above the cloud
|
| Posted: Wed Feb 08, 2006 7:06 pm Post subject: |
|
|
| smg wrote: | | Also einfach das höher setzen? |
Nö niedriger (120 << 7200) 
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself |
|
| Back to top |
|
|
smg
Veteran
Joined: 13 Aug 2004
Posts: 1402
Location: /home/stephan
|
| Posted: Wed Feb 08, 2006 7:07 pm Post subject: |
|
|
| Think4UrS11 wrote: | | smg wrote: | | Also einfach das höher setzen? |
Nö niedriger (120 << 7200) |
Eh mein ich ja 
Wieso aber das nach dem Update so ist, ist mir definitiv ein Rätsel!
Ich teste das jetzt mal *10 mins kein netput über ssh mach*
Bis gleich.
_________________
GnuPG-Key-ID: 0xF8C275D4
Fingerprint: 5B6F 134A 189B A24D 342B 0961 8D4B 0230 F8C2 75D4
| Code: | | perl -WTe '($")=$/;print qq(@{[reverse('0'..'100')]}$/BOOM!$/);' |
|
|
| Back to top |
|
|
smg
Veteran
Joined: 13 Aug 2004
Posts: 1402
Location: /home/stephan
|
| Posted: Wed Feb 08, 2006 7:17 pm Post subject: |
|
|
So so, jetzt hab ich 15 Minuten keinen Network Traffic over SSH produziert, und er timet nicht out.. Ist das ein gutes Zeichen?
Wie sieht das mit dem /proc aus? Muss ich sicher in local.rc stecken oder?
Bye.
_________________
GnuPG-Key-ID: 0xF8C275D4
Fingerprint: 5B6F 134A 189B A24D 342B 0961 8D4B 0230 F8C2 75D4
| Code: | | perl -WTe '($")=$/;print qq(@{[reverse('0'..'100')]}$/BOOM!$/);' |
|
|
| Back to top |
|
|
think4urs11
Bodhisattva
Joined: 25 Jun 2003
Posts: 6659
Location: above the cloud
|
| Posted: Wed Feb 08, 2006 7:31 pm Post subject: |
|
|
/etc/sysctl.conf
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself |
|
| Back to top |
|
|
smg
Veteran
Joined: 13 Aug 2004
Posts: 1402
Location: /home/stephan
|
| Posted: Wed Feb 08, 2006 7:33 pm Post subject: |
|
|
| Code: | 53 net.ipv4tcp_keepalive_time = 120$
|
So?
Bye.
_________________
GnuPG-Key-ID: 0xF8C275D4
Fingerprint: 5B6F 134A 189B A24D 342B 0961 8D4B 0230 F8C2 75D4
| Code: | | perl -WTe '($")=$/;print qq(@{[reverse('0'..'100')]}$/BOOM!$/);' |
|
|
| Back to top |
|
|
|
Deutsches Forum (German)
