Johan Ribenfors <johan <at> dicam.org.uk> writes:

> Hi,
>
> We have upwards of 70 embedded PCs running Linux, and are trying to use
> dropbear to set up ssh tunnels to our server.
>
> This is so we don't have to worry about dynamic IPs, router configuration,
> mesh networks or any other of the strange setups we've encountered.
>
> The command we are using is:
>
> dbclient -R <remoteport>:localhost:<localport> -I 60 -K 30 -g -T -N -f -i <key> <user>@<host>
>
> If I've got the arguments correct, the -I should cause dbclient to exit if
> it doesn't receive any keep alive packets from the server within 60
> seconds.
>
> The -K should cause dbclient to send a packet every 30 seconds to prevent
> routers etc from closing the connection.
>
> Generally, this seems to work. However, we occasionally get a situation
> where the server has stopped listening on the relevant port, and dbclient
> hasn't detected this and exited.
>
> Have I misunderstood the arguments, or missed a setting?
>
> This is Dropbear client v0.52
>
> Thanks in advance.
>
> - Johan
Hi,

I thought it was time I posted our solution.

Farrell Aultman suggested a patch by Ahilan
(http://comments.gmane.org/gmane.network.ssh.dropbear/936)

This compiled and ran fine - but didn't solve the problem. The server (OpenSSH) would still drop the occasional connection and dropbear wouldn't notice. I might be using it incorrectly (I hope I am), but I don't think so.

Just to make it difficult, when testing dropping the connection on the server - with -A or -I - dropbear _always_ notices.

We ended up with a workaround, rather than a proper solution.

The server knows what connections should be open, and maintains a list of the ones that aren't. Each site (embedded PC) has a cronjob that runs every minute and queries the server for the currently _inactive_ connections. It then restarts those connections locally. Worst case, a tunnel is down for a minute.

I have a feeling someone else has posted this approach in the mailing lists already. It felt clunky when I read it then, and feels clunky now. But much as I'd like a proper solution, this one works.

- Johan
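
A sketch of the per-site cron job described in the message above, added here as an example and not taken from the poster's setup. The status URL, port numbers, key path, host name and the one-port-per-line reply format are all assumptions; the dbclient options are the ones from the original command.

```shell
#!/bin/sh
# Added example: per-site tunnel watchdog for cron (not the poster's script).
# Assumed: STATUS_URL returns one inactive remote port per line; every value
# below is a placeholder.
STATUS_URL="${STATUS_URL:-https://tunnels.example.invalid/inactive}"
SITE_PORT="${SITE_PORT:-20017}"      # this site's <remoteport>
LOCAL_PORT="${LOCAL_PORT:-22}"       # this site's <localport>
KEY="${KEY:-/etc/dropbear/tunnel_key}"
TARGET="${TARGET:-tunnel@tunnels.example.invalid}"

# Ask the server which tunnels it currently considers inactive.
fetch_inactive() {
    curl -fsS --max-time 20 "$STATUS_URL"
}

# Succeed if port $1 is listed on stdin. Lines that are not purely digits
# are skipped, so a malformed or tampered reply can never match.
is_inactive() {
    while IFS= read -r line; do
        case "$line" in
            ''|*[!0-9]*) continue ;;
        esac
        [ "$line" = "$1" ] && return 0
    done
    return 1
}

# The stale dbclient has not noticed the drop, so stop it before starting
# a new one with the options from the original command.
restart_tunnel() {
    pkill -f "dbclient -R ${SITE_PORT}:localhost:${LOCAL_PORT} " || true
    dbclient -R "${SITE_PORT}:localhost:${LOCAL_PORT}" -I 60 -K 30 \
        -g -T -N -f -i "$KEY" "$TARGET"
}

# 0 = tunnel restarted, 1 = tunnel is up, 2 = server unreachable (leave the
# tunnel alone), 3 = restart failed.
check_once() {
    list=$(fetch_inactive) || return 2
    if printf '%s\n' "$list" | is_inactive "$SITE_PORT"; then
        restart_tunnel || return 3
        return 0
    fi
    return 1
}

# crontab: * * * * * /usr/local/bin/tunnel-watchdog.sh --run
if [ "${1:-}" = "--run" ]; then
    check_once
fi
```

When the status query itself fails, the script leaves the running tunnel untouched, so a server outage does not make every site kill a working connection.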