timeout ssh int to ext

Discussion in 'Cisco' started by Mr Ping, Oct 15, 2004.

  1. Mr Ping

    Mr Ping Guest

    Hi !

    We have Pix 515 and ios 6.1(1)

    If we run ssh from the internal lan through our pix to the external lan
    (internet) with ssh we get timeout.

    Here are some config:

    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
    0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute

    Any suggestions for changes in our config?

    Regards Jan
     
    Mr Ping, Oct 15, 2004
    #1

  2. :We have Pix 515 and ios 6.1(1)

    :If we run ssh from the internal lan through our pix to the external lan
    :(internet) with ssh we get timeout.

    How long until you get the timeout? Is it related to inactivity
    on the ssh connection, or does it happen more or less at random,
    perhaps even in the middle of activity?

    :Here are some config:

    :timeout xlate 0:05:00
    :timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
    :0:05:00 sip 0:30:00 sip_media 0:02:00
    :timeout uauth 0:05:00 absolute

    That configuration will time out any tcp connection after one day
    of inactivity. On the other hand, ssh clients and daemons usually
    send "keep-alive" messages unless those have been specifically turned
    off, and the keep-alives should keep the link going indefinitely.

    What ssh client and sshd server (and versions) are being used?
     
    Walter Roberson, Oct 16, 2004
    #2

  3. Mr Ping

    Mr Ping Guest

    > How long until you get the timeout? Is it related to inactivity

    I have not clocked it, but I say 5-10 min.
    Yes, it has to do with inactivity on the ssh connection.
    I am running PuTTY on the client and FreeBSD 4.10 on the server.
    If I leave my ssh connection, and do anything it will close it.
    If run without the pix, there is no problem.

    Regards Jan
     
    Mr Ping, Oct 16, 2004
    #3
  4. :> How long until you get the timeout? Is it related to inactivity
    :> on the ssh connection, or does it happen more or less at random,
    :> perhaps even in the middle of activity?

    :I have not clocked it, but I say 5-10 min.
    :Yes, it has to do with inactivity on the ssh connection.

    Do you happen to be using user authentication (AAA) with the PIX?
    I notice you have "timeout uauth 0:05:00 absolute", which is
    the default but would only come into play if user authentication
    was used.

    I notice you are using old software, PIX 6.1(1). That version
    has known security problems. Cisco offers a free upgrade within
    6.1 to fix the security issues... which will also happen to
    fix several bugs as well. I do not recall any bugs with timeouts,
    but I did not pay close attention during that timeframe. For
    information on obtaining the free upgrade, please see

    http://www.cisco.com/en/US/products/products_security_advisory09186a008021ba2f.shtml
     
    Walter Roberson, Oct 16, 2004
    #4
  5. :I have not clocked it, but I say 5-10 min.
    :Yes, it has to do with inactivity on the ssh connection.

    :I am running PuTTY on the client and FreeBSD 4.10 on the server.

    According to a page I found, PuTTY has a keep-alive option
    in the Connection preferences, "Seconds between keepalives"
     
    Walter Roberson, Oct 16, 2004
    #5
  6. Mr Ping

    Mr Ping Guest

    Walter,

    I will try the Seconds between keepalives, and see if it works.
    Thanks !!!

    //Jan
     
    Mr Ping, Oct 18, 2004
    #6
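
An added example, not part of the original thread: a small parser for the PIX `timeout` lines pasted above (including the wrapped continuation line) that converts each timer to seconds and derives a keepalive interval to try. Treating both `conn` and `xlate` as candidates and using half of the shorter one are conservative assumptions of this example; the names `parse_timeouts` and `keepalive_ceiling` are hypothetical.

```python
import re

# Constructed input: the "timeout" lines quoted in the thread, including the
# wrapped continuation line. Assumption: the text holds only timeout statements.
PIX_TIMEOUTS = """\
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
"""

HMS = re.compile(r"^(\d+):(\d{2}):(\d{2})$")


def parse_timeouts(text):
    """Return {timer name: seconds} for every timer in the pasted lines."""
    words = []
    for line in text.splitlines():
        fields = line.split()
        # Drop the leading keyword; a wrapped line simply continues the list.
        words.extend(fields[1:] if fields[:1] == ["timeout"] else fields)
    timers, name = {}, None
    for word in words:
        match = HMS.match(word)
        if match and name is not None:
            hours, minutes, seconds = map(int, match.groups())
            timers[name] = hours * 3600 + minutes * 60 + seconds
            name = None
        elif not match and word not in ("absolute", "inactivity"):
            name = word  # timer name; its value is the next token
    return timers


def keepalive_ceiling(timers, names=("conn", "xlate"), margin=0.5):
    """Keepalive interval (seconds) at `margin` of the shortest named timer.

    Assumption of this example: stay below both conn and xlate idle timers.
    """
    return int(min(timers[n] for n in names) * margin)


if __name__ == "__main__":
    parsed = parse_timeouts(PIX_TIMEOUTS)
    for timer, seconds in sorted(parsed.items(), key=lambda kv: kv[1]):
        print(f"{timer:12s} {seconds:6d} s")
    print("suggested keepalive <=", keepalive_ceiling(parsed), "s")
```

The resulting number is the kind of value that goes into PuTTY's "Seconds between keepalives" field mentioned in post #5.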