Re: SSH extremely quickly dropped from T-Mobile phone hotspot

2018-09-16 Thread Chris Bennett
Hmm, it doesn't matter about anything you just said.

First tenet of security: If physical security cannot be maintained, all
security is immediately compromised. Period.

This server I am renting may not be under the control of whom I think I
am paying. How could I possibly know?
This server is Intel based.

Possibly no more than a coincidence, but immediately after joining a
pro-constitutional group, both my phone and laptop needed BIOS updates.

Hardware flaws in both AMD and Intel that have NO software mitigations
exist and that cannot be detected exist.

This is just the world we live in. I'm not a criminal and I have no
secrets whatsoever to hide.

I use OpenBSD because I am a bit of a perfectionist myself.
Pure, clean code earns my utter respect. That security is a by-product
is superb.

So, for my part, that's that. Unless anyone has some useful help beyond
what I've already heard, this discussion is over on my part. Let's free
up the list for others' needs.

Chris Bennett




Re: SSH extremely quickly dropped from T-Mobile phone hotspot

2018-09-16 Thread Constantine A. Murenin
On 16 September 2018 at 00:45, Chris Bennett wrote:
> I get the same internal NAT'ed IP4 address every time, but my public IP4
> address differs over time.
>
> I don't like the idea at all of keeping an open ssh session going on
> without having my equipment on and me nearby.

I don't think you understand how ssh works (unless you have a belief
that the underlying cryptography is insecure, at which point, it's
unclear how any of this is then relevant to T-Mobile US).

It's irrelevant what IPv4 addresses you have, since it all has to pass
through NAT on your device as well as CGNAT at the carrier level, with
the state of the established connections expiring within minutes of
disuse.

The reason your SSH connections break is because the underlying TCP
connections must be kept alive for the CGNAT to work on a keep-state
basis; this can only be accomplished by either sending more packets
all the time to make sure the state never expires whilst you're still
using your session (e.g., the `ssh -oServerAliveInterval=240 …` and
such), or by getting rid of all types of keep-state NAT and ensuring
there's no stateful firewall in place (and, for this, I've already
confirmed that it works just fine over T-Mobile US IPv6 with TCP
connections remaining open for 1h and more, whereas the IPv4
connections indeed expire after only a few minutes due to the
state-based NAT).

C.



Re: SSH extremely quickly dropped from T-Mobile phone hotspot

2018-09-16 Thread Raul Miller
On Sun, Sep 16, 2018 at 2:50 AM Chris Bennett wrote:
> See, I'm a US citizen in a country that has these nasty FISA courts and
> a variety of new-ish unconstitutional laws that allow the President and
> others to plant fake content on my server, snatch me up, deny me a
> lawyer, detain me forever and kill me without cause.
>
> Did I forget to mention that all the ISPs I have used, including
> T-Mobile take my search requests sent to https, yes https://google.com
> and know what those search terms were?
>
> I guess I'm just a paranoid without cause??

So, yeah, and no, and yeah...

We've got problems, and some of them are people in government and some
of them are people in business and some of them are in our laws.
But you can be almost certain that some of them are in how stuff gets
reported.

From my point of view, the unconstitutional (aka: illegal) law which
bothers me the most are the copyright laws which favor Walt Disney's
grandchildren at the expense of the constitutional rationale for
copyright. The kind of thinking which got us those laws has played a
part in building out our low income city populations and creating the
economic conditions which favored shipping most of our industrial jobs
overseas. But there's other factors, also, including bad economic
theory being taught globally [the "efficient market hypothesis"] and
child labor laws being used as an excuse to raise kids to be helpless
adults.

So what we see a lot of are coping mechanisms and people being forced
to cheat the system and people reacting to that with more coping
measures.

But it doesn't take cracking https for your google searches to get
sold to the phone company. All that needs is high priced people in
Google who are great at saying good things about themselves setting up
business arrangements which will trade Google's past reputation and
established abilities for a few years of increased salary.

Anyways, we've got problems, but a lot of them are that you can no
longer expect people's motivations to work like they used to, because
cultures are having to adapt to a global situation where laws of any
one country can't be enforced on anything having to do with
communications. So major countries which relied on enforcing laws on
communications to keep their powerful people powerful have to resort
to deploying their manpower to make that happen if they want to stay
in power.

And those kinds of countries have never relied on technological
approaches, because that kind of power isn't capable of developing
technology and has never seen the need to do so -- instead, it copies
and copes while doing so.

But it doesn't help that we've been getting a lot of things wrong for
a long time (like bad economic theory, for example), leaving us in the
position of having critical holes in our institutions which are
trivial to exploit.

So... yeah, and no, and yeah...

-- 
Raul



Re: SSH extremely quickly dropped from T-Mobile phone hotspot

2018-09-16 Thread Chris Bennett
I get the same internal NAT'ed IP4 address every time, but my public IP4
address differs over time.

I don't like the idea at all of keeping an open ssh session going on
without having my equipment on and me nearby.

See, I'm a US citizen in a country that has these nasty FISA courts and
a variety of new-ish unconstitutional laws that allow the President and
others to plant fake content on my server, snatch me up, deny me a
lawyer, detain me forever and kill me without cause.

Did I forget to mention that all the ISPs I have used, including
T-Mobile take my search requests sent to https, yes https://google.com
and know what those search terms were?

I guess I'm just a paranoid without cause??

Nevertheless, I do appreciate all advice and will look into it anyway.
I like to learn things and never ignore anything people teach me.
Even if I disagree at the time, I often wish I had been wise enough to
follow previous advice.
I really don't know crap about IP6 and need to catch up with the times.

As always, sometimes I come across as sounding rude or discourteous
without intending to, so if I have, I apologize.
I thank several people on tech@ for pointing that out to me a good while
back.

Thanks,
Chris Bennett




Re: SSH extremely quickly dropped from T-Mobile phone hotspot

2018-09-15 Thread Johan Beisser
You can also just set client keepalives. Set TCPKeepAlive in ~/.ssh/config.
This has solved a bunch of random timeout problems due to carrier NAT or
similar.
On Sat, Sep 15, 2018 at 15:36 Constantine A. Murenin wrote:

> On 15 September 2018 at 09:50, Chris Bennett <
> cpb_m...@bennettconstruction.us> wrote:
>
> > I am using my phone's hotspot, which may or may not be secure, but is
> > not censoring my choice of sites to visit. Public WiFi in the USA does
> > so all over the place. Worse, when I lived in Washington State, I was
> > next to a Naval Air Station, which certainly eavesdrops, not OK, but
> > this is the land of the free? Now I am living in the Capital of Texas,
> > Austin which also leaves public WiFi under the same problems
> > (legislature meets here).
> >
> > I cannot maintain an SSH connection unattended long enough to go to the
> > bathroom and get a cup of coffee without the connection being dropped
> > halfway through reading my email.
> >
> > Is autossh the right choice or is there a better way?
> > The flow of data seems to be the problem. A static page disconnects.
> >
> > Thanks,
> > Chris Bennett
> >
>
> I also have T-Mobile US, and I cannot reproduce your problem.
>
> In fact, because my laptop gets a public IPv6 address from T-Mobile US — a
> standard feature in Android 7.1.1, where you get at least a whole /64 from
> the carrier — I can put it to sleep, disable AndroidAP, go get coffee,
> lunch, dinner, or attend a meetup, or all of the above, come back home,
> turn AndroidAP back on, turn my laptop on, and my vanilla ssh connection
> will come back to life after a single keystroke (provided the phone was
> never turned off and didn't itself lose network connectivity, e.g., still
> has the same /64 assigned to itself).
>
> I did have to configure my laptop to `sysctl -w
> net.inet6.ip6.prefer_tempaddr=0`, and also make sure I'm not running
> something that'd be constantly refreshing the screen of the terminal I'm
> accessing through ssh, e.g., you definitely do have to disconnect tmux with
> the timestamp before you attempt this, and doing socks proxying would
> obviously interfere with it as well if any connections remain open when you
> attempt to turn things off like that, and — voilà, problem solved.
>
> So, my suggestion — move to IPv6 for the killer features, and stop worrying
> about the disconnects.
>
> But if you don't have a public IP address on your laptop and do get your
> internet through NAT/CGNAT and/or a stateful firewall, then you might have
> to play with `-oServerAliveInterval=480` or some such, as per
> http://mdoc.su/o/ssh_config.5, but, otherwise, this option is actually not
> only unnecessary, but is, in fact, harmful, as it may "detect" brief
> periods of connectivity loss that you don't necessarily care about.
>
> P.S. Another option, if you don't necessarily care about scrolling, and/or
> already use tmux within your ssh, is to use http://ports.su/net/mosh.
> Personally, I prefer straight ssh through IPv6 to mosh, although sometimes
> it does cause me to use my AndroidAP even in venues where the public
> internet is available.
>
> Cheers,
> Constantine.SU.
>


Re: SSH extremely quickly dropped from T-Mobile phone hotspot

2018-09-15 Thread Constantine A. Murenin
On 15 September 2018 at 09:50, Chris Bennett <
cpb_m...@bennettconstruction.us> wrote:

> I am using my phone's hotspot, which may or may not be secure, but is
> not censoring my choice of sites to visit. Public WiFi in the USA does
> so all over the place. Worse, when I lived in Washington State, I was
> next to a Naval Air Station, which certainly eavesdrops, not OK, but
> this is the land of the free? Now I am living in the Capital of Texas,
> Austin which also leaves public WiFi under the same problems
> (legislature meets here).
>
> I cannot maintain an SSH connection unattended long enough to go to the
> bathroom and get a cup of coffee without the connection being dropped
> halfway through reading my email.
>
> Is autossh the right choice or is there a better way?
> The flow of data seems to be the problem. A static page disconnects.
>
> Thanks,
> Chris Bennett
>

I also have T-Mobile US, and I cannot reproduce your problem.

In fact, because my laptop gets a public IPv6 address from T-Mobile US — a
standard feature in Android 7.1.1, where you get at least a whole /64 from
the carrier — I can put it to sleep, disable AndroidAP, go get coffee,
lunch, dinner, or attend a meetup, or all of the above, come back home,
turn AndroidAP back on, turn my laptop on, and my vanilla ssh connection
will come back to life after a single keystroke (provided the phone was
never turned off and didn't itself lose network connectivity, e.g., still
has the same /64 assigned to itself).

I did have to configure my laptop to `sysctl -w
net.inet6.ip6.prefer_tempaddr=0`, and also make sure I'm not running
something that'd be constantly refreshing the screen of the terminal I'm
accessing through ssh, e.g., you definitely do have to disconnect tmux with
the timestamp before you attempt this, and doing socks proxying would
obviously interfere with it as well if any connections remain open when you
attempt to turn things off like that, and — voilà, problem solved.

So, my suggestion — move to IPv6 for the killer features, and stop worrying
about the disconnects.

But if you don't have a public IP address on your laptop and do get your
internet through NAT/CGNAT and/or a stateful firewall, then you might have
to play with `-oServerAliveInterval=480` or some such, as per
http://mdoc.su/o/ssh_config.5, but, otherwise, this option is actually not
only unnecessary, but is, in fact, harmful, as it may "detect" brief
periods of connectivity loss that you don't necessarily care about.

P.S. Another option, if you don't necessarily care about scrolling, and/or
already use tmux within your ssh, is to use http://ports.su/net/mosh.
Personally, I prefer straight ssh through IPv6 to mosh, although sometimes
it does cause me to use my AndroidAP even in venues where the public
internet is available.

Cheers,
Constantine.SU.


Re: SSH extremely quickly dropped from T-Mobile phone hotspot

2018-09-15 Thread Chris Bennett
On Sat, Sep 15, 2018 at 08:38:26PM +, Stuart Henderson wrote:
> Perhaps your carrier's NAT has a quick timeout.
> 
> Try these sysctls:
> 
> net.inet.tcp.always_keepalive=1
> net.inet.tcp.keepidle=60
> 
> There are ssh-specific keepalives too, but I bet it affects other
> protocols too (ftp etc) so the general one is likely to be a better
> choice.
> 

Thanks, I will do this. The ssh advice worked. BUT, I am supposed to be
getting 4GLTE for my hotspot versus 3G that others offer.
I'm not at all happy with throughput in general. I will report back
after some testing for a few days and locations. If I get a wham-bam
huge difference, then I'll report back right away!

Thanks everyone for the help. I'm already moving forward!
Chris Bennett




Re: SSH extremely quickly dropped from T-Mobile phone hotspot

2018-09-15 Thread Stuart Henderson
On 2018-09-15, Chris Bennett wrote:
> I am using my phone's hotspot, which may or may not be secure, but is
> not censoring my choice of sites to visit. Public WiFi in the USA does
> so all over the place. Worse, when I lived in Washington State, I was
> next to a Naval Air Station, which certainly eavesdrops, not OK, but
> this is the land of the free? Now I am living in the Capital of Texas,
> Austin which also leaves public WiFi under the same problems
> (legislature meets here).
>
> I cannot maintain an SSH connection unattended long enough to go to the
> bathroom and get a cup of coffee without the connection being dropped
> halfway through reading my email.

Perhaps your carrier's NAT has a quick timeout.

Try these sysctls:

net.inet.tcp.always_keepalive=1
net.inet.tcp.keepidle=60

There are ssh-specific keepalives too, but I bet it affects other
protocols too (ftp etc) so the general one is likely to be a better
choice.



Re: SSH extremely quickly dropped from T-Mobile phone hotspot

2018-09-15 Thread Lars Noodén
On 9/15/18, Dimitris Papastamos wrote:
[snip]
> Maybe worth lowering ServerAliveInterval in ssh_config and see if that
> helps.

ServerAliveInterval also needs to be set to non-zero because the
default of zero is to not send the messages.

Also, in the event of a disconnection anyway, you can use a while loop if
you have your key in the ssh-agent.

while ! ssh -t foobar.example.org 'tmux a || tmux'; do sleep 1; done

/Lars
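
[Added example, not written by any poster in this thread.] The keepalive points made above (the default ServerAliveInterval of zero sends nothing; the interval has to be shorter than the NAT state timeout) can be checked against the effective client configuration that `ssh -G host` prints. The NAT idle timeout passed as the argument is an assumed value, since the thread only says the IPv4 state expires within minutes.

```shell
#!/bin/sh
# Added example. Usage: ssh -G foobar.example.org | check_keepalive 300
# The argument is an ASSUMED NAT idle timeout in seconds; measure your own.
check_keepalive() {
    awk -v nat="$1" '
        $1 == "serveraliveinterval" { interval = $2 }
        $1 == "serveralivecountmax" { countmax = $2 }
        $1 == "tcpkeepalive"        { tcpka = $2 }
        END {
            if (countmax == "") countmax = 3     # ssh_config(5) default
            if (tcpka == "") tcpka = "unknown"
            if (interval + 0 == 0) {
                # Default: ssh sends no keepalives of its own.
                printf "FAIL interval=0: no ssh keepalives sent (tcpkeepalive=%s)\n", tcpka
                exit 1
            }
            if (interval + 0 >= nat + 0) {
                printf "FAIL interval=%ds >= nat=%ds: state can expire between probes\n", interval, nat
                exit 1
            }
            # ssh disconnects after countmax consecutive unanswered probes
            printf "OK interval=%ds < nat=%ds; dead link detected after ~%ds\n", interval, nat, interval * countmax
        }'
}
```

Per ssh_config(5), ServerAlive messages travel inside the encrypted channel and cannot be spoofed, whereas TCPKeepAlive probes are plain TCP and can be.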



Re: SSH extremely quickly dropped from T-Mobile phone hotspot

2018-09-15 Thread Dimitris Papastamos
On Sat, Sep 15, 2018 at 08:50:36AM -0700, Chris Bennett wrote:
> I cannot maintain an SSH connection unattended long enough to go to the
> bathroom and get a cup of coffee without the connection being dropped
> halfway through reading my email.

Maybe worth lowering ServerAliveInterval in ssh_config and see if that
helps.



SSH extremely quickly dropped from T-Mobile phone hotspot

2018-09-15 Thread Chris Bennett
I am using my phone's hotspot, which may or may not be secure, but is
not censoring my choice of sites to visit. Public WiFi in the USA does
so all over the place. Worse, when I lived in Washington State, I was
next to a Naval Air Station, which certainly eavesdrops, not OK, but
this is the land of the free? Now I am living in the Capital of Texas,
Austin which also leaves public WiFi under the same problems
(legislature meets here).

I cannot maintain an SSH connection unattended long enough to go to the
bathroom and get a cup of coffee without the connection being dropped
halfway through reading my email.

Is autossh the right choice or is there a better way?
The flow of data seems to be the problem. A static page disconnects.

Thanks,
Chris Bennett