
Russell Coker wrote:
> On my home network with a 512M system as the gateway I had problems with connection loss until I configured ssh (the only thing that holds long idle connections) to use ssh protocol keep alives (I never tested with TCP keep alives as I don't think they are useful for ssh - or any other protocol that supports checks).

FWIW, here are the relevant notes from my .ssh/config:

    [...]
    Host *
    [...]
    # Perform keepalive pings at the SSH layer, not the TCP layer.
    #
    # russm> twb: TCPKeepalive is spoofable at the TCP layer, where ServerAliveFoo sends ssh ping commands inside the encrypted connection
    # twb> why does it matter if someone spoofs a keepalive?
    # russm> they could attack your routing and hijack the connection without you noticing that the other end had actually gone away
    # russm> whether that's a problem depends on what you're doing with the connection, of course
    # russm> if you're expecting asynchronous data to come back, then you'd never notice the other end was gone
    # russm> if you're doing interactive, or request/response then obviously you'd notice at a higher layer (perhaps the human layer)
    ServerAliveInterval 30
    ServerAliveCountMax 10
    TCPKeepAlive no
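
To confirm what a client actually resolves for these three options, the output of `ssh -G <host>` can be summarized. This is an added example, not part of the original message: the function name keepalive_report is made up here, the sample input is constructed, and the fallback values are the OpenSSH client defaults.

```shell
#!/bin/sh
# Added example: summarize SSH-layer vs TCP-layer keepalive settings.
# Reads `ssh -G <host>` output on stdin (ssh -G prints lowercase keywords).
# keepalive_report is a hypothetical helper name, not an OpenSSH tool.
keepalive_report() {
    awk '
        $1 == "serveraliveinterval" { interval = $2 }
        $1 == "serveralivecountmax" { count = $2 }
        $1 == "tcpkeepalive"        { tcp = $2 }
        END {
            # Fall back to the OpenSSH client defaults when a key is absent.
            if (interval == "") interval = 0   # 0 = SSH-layer probes disabled
            if (count == "")    count = 3
            if (tcp == "")      tcp = "yes"
            if (interval + 0 > 0)
                # An unresponsive server is dropped after roughly
                # ServerAliveInterval * ServerAliveCountMax seconds.
                printf "ssh-layer=on dead-peer-timeout=%ds", interval * count
            else
                printf "ssh-layer=off dead-peer-timeout=none"
            printf " tcp-keepalive=%s\n", tcp
        }'
}

# Constructed sample: the effective values the config above would produce.
keepalive_report <<'EOF'
serveraliveinterval 30
serveralivecountmax 10
tcpkeepalive no
EOF
```

Against a real host the call is `ssh -G somehost | keepalive_report`, where somehost is any Host entry that the `Host *` block applies to.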