S/K-Series f/w 8.x Adjustment of SSH Client Alive settings

  • 0
  • 1
  • Article
  • Updated 4 years ago
  • (Edited)
Article ID: 15066 

Products
S-Series, firmware 8.02.01.0012 and higher
K-Series, firmware 8.02.01.0012 and higher

Symptoms
Unused SSH-based management session is timing out instead of remaining open and available as desired.
"Connection reset by peer"

Solution/Workaround
Introduced as of firmware 7.41.02.0014, "ClientAlive" messaging keeps SSH sessions open in the absence of user data entry. The SSH server (the switch) does this by generating a null packet to the SSH client (the user's application, e.g. PuTTY) every ClientAliveInterval of no activity, expecting a response. If a response is received then the connection has been refreshed throughout its length. In the absence of a response from the client, the server repeats this process up to ClientAliveCount times. After that, if there is still no user activity and no response from the user's SSH client application, the session is assumed to be unrecoverable and the SSH connection is closed by the server. The default is 30 seconds for the ClientAliveInterval, and 5 retries of that interval for the ClientAliveCount. By this means, even the most time-sensitive of intermediate devices (e.g. NAT/ Firewalls) continue to recognize the session as active during periods of no user activity, as long as the user's SSH client application is still responding and the local system logout time (ten minutes by default; 7341) has not expired.

As of firmware 8.02.01.0012, the defaults remain unchanged but are now configurable by means of the new 'set ssh client...' command set.

Release notes state, in the 'SSH Feature Enhancements in 8.02.01.0012' section:
SSH CLI now supports configuration of keep alive count and interval. This may be used to reduce likelihood that ssh clients like 'putty' will cause a disconnect when they fail to maintain keep alive protocol. (Due to a bug in putty this protocol is not run while holding the putty scroll bar down or accessing the putty configuration screens.)

If the user finds that the default settings are not in all cases adequate to keep inactive but desirable SSH sessions from dropping out over time, some adjustment may be in order, to make the ClientAlive messaging a little more frequent.

For example:
set ssh client alive-interval 2<br>set ssh client alive-count 2

Even if a long logout time (e.g. 'set logout 25 default'; 7341) is configured on the switch, the adjusted ClientAlive messaging should keep the session from going stale across a remote network.

Note that the 'set logout...' command refers to minutes, while the 'set ssh client alive-interval...' command refers to (0 - 2147483647) seconds and the 'set ssh client alive-count...' command refers to (0 - 2147483647) alive-intervals.
Any changes made will not affect SSH sessions already started, but will affect future SSH sessions.

Also see this HowTo Video.
Photo of FAQ User

FAQ User, Official Rep

  • 13,620 Points 10k badge 2x thumb

Posted 4 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.