Hi,

I've currently got rhel4 installed on an old HP Vectra, it's all running smooth except for SSH. I can ssh to the box from various locations with no problems, but after about 10 mins of inactivity the remote ssh session will freeze. As soon as I go to the location and log directly on the to the box, the remote ssh sessions become active again. I've tried switching off power management by doing the following.

$ service apmd stop
and

$ sysconfig apmd off


I'm using DHCP on my office LAN, here are the nic settings.

[root@shifty ~]# mii-tool -v
eth0: no autonegotiation, 100baseTx-HD, link ok
product info: vendor 00:00:00, model 0 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
link partner: 100baseTx-HD



I've tried copying the sshd_config file from a box that's working properly but obviously it made no difference.


Here's my sshd_config file.




[root@shifty ~]# cat /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 120
#PermitRootLogin yes
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no

#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes

#MaxStartups 10
# no default banner path
Banner /etc/issue
#VerifyReverseMapping no

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server






I've run out of ideas so any help will be greatly appreciated.

Thanks in advance
All the best
Mick

First of all please make sure you can login to the box from an unprivileged user account using passphrase and then explicitly set the following options (regardless of your question and regardless of where the box resides):
Protocol 2
PermitRootLogin no
PasswordAuthentication no
If you want an explanation please lookup any threads about SSH in the Linux Security forum.


after about 10 mins of inactivity the remote ssh session will freeze
I have experienced similar. I tried using Login_keepalived but that didn't help (didn't pursue finding out why), backgrounded pingbacks (no help either). Now I use AutoSSH to keep tunnels alive and added ClientAliveInterval and ClientAliveCountMax to sshd_config which works (check your man sshd_config for ClientAliveInterval and ClientAliveCountMax).

Thanks very much for the tips, I'm beginning to think that it's something to do with the internal network, the same thing has started happening to a Solaris box that I've recently built which is also using DHCP. I might have to buy the network guys a couple of beers in the hope that they'll sort me out with a couple of static IP's.

Thanks again for your response, it's much appreciated.

All the best
Mick