On 24.04.24 16:15, Guilhem Moulin wrote:
> Control: tag -1 unreproducible moreinfo
>
> Hi,
>
> On Wed, 24 Apr 2024 at 14:42:43 +0200, Lee Garrett wrote:
>> After some debugging, it turns out that ServerAliveInterval != 0 will cause the
>> ssh client to reset the connection, which dropbear will count as an unlock attempt,
>> and after three tries it will fail and drop to initramfs shell, after which it's
>> not reachable anymore.
>
> AFAICT dropbear does support timeout messages (see -K in the manual).
> I'm unable to reproduce the issue anyway, do you start dropbear with -I?
>
> Can you try to start your client with -oLogLevel=DEBUG3 to see why the
> connection is terminated (from the client's perspective)?  Also to take
> cryptroot out of the picture you could try using `cat -A` as the remote
> command.


Although the dropbear man page is not explicit, I'm assuming it refers to TCP keepalive.

The settings ServerAliveCountMax and ServerAliveInterval on the ssh client, however, explicitly refer to SSH keepalive. To quote the man page:

"Sets the number of server alive messages (see below) which may be sent without ssh(1) receiving any messages back from the server. If this threshold is reached while server alive messages are being sent, ssh will disconnect from the server, terminating the session. It is important to note that the use of server alive messages is very different from TCPKeepAlive (below)."

It should be trivially reproducible by running `ssh -o ServerAliveCountMax=3 -o ServerAliveInterval=1 root@yourdropbearserver`. The client should then disconnect after 3 seconds.
