On 12/26/2019 02:47 PM, Gordon Messmer wrote:
> On 12/25/19 6:56 AM, H wrote:
>> I have tried to make sure the sshd configuration on all servers are 
>> identical but still have this problem. I can rule out a general problem with 
>> the router in my office since all connections are via that router, the only 
>> difference is that the problematic server is in the same building and the 
>> connection loops back via the same router but through an external IP address.
>
>
> When you say "external address," I assume you mean that your office network 
> is being NATed.  In that case, when you are connecting to systems outside 
> your network, the router is performing SNAT for your connections.  When you 
> connect to the system in your building, using an "external" address, your 
> router is probably performing both SNAT and DNAT for that connection. Your 
> router may have different timeouts on its SNAT and DNAT tables.  More than 
> likely, the timeout for DNAT is lower than the TCP keepalive time, and you're 
> seeing idle connections closed by the router.  You might be able to prevent 
> that by setting a ServerAliveInterval value in ~/.ssh/config.  It is disabled 
> by default, but should keep connections alive in your case, if it is set 
> lower than the timeout on the router.
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

I now have additional information:

- I could not find any entries in /var/log/secure on the server either that 
related to disconnections.

- I am also being disconnected while doing ssh transfers, thus not only when 
the session is idle. No set time intervals but often as quickly as within 10 
minutes after establishing the ssh connection.

- Further - which I forgot to mention - when I connect from my workstation back 
to server on the same router using Cisco AnyConnect software terminating far, 
far away and then thus going back to same router, I have no problems with being 
disconnected when the connection is idle. Thus no general problem with the 
router or the hardware on the server itself.

- Finally, today I for the first time connected to the server using the 
internal 192.168.x.x. address and have after several hours of idle session not 
been disconnected.

Are my observations above still consistent with your hypothesis?

_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Reply via email to