North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Question re. SSH

  • From: Eric Brandwine
  • Date: Wed Mar 20 14:35:07 2002

>>>>> "ss" == Steve Sobol <[email protected]> writes:

ss> Apologies in advance for any operational content this may contain.
ss> I have a customer who wants to get a static ip with his dialup. He
ss> uses SSH extensively and plans to do X11 forwarding, and if he
ss> gets disconnected and redials and gets another IP the previous
ss> sessions would be inaccessible.

ss> I can do static IP but I want to try to save the guy a couple
ss> bucks. :)

ss> Would a static IP be required to make sure he doesn't lose those
ss> X11 sessions after a disconnect?

Required, but not sufficient.

The TCP stack on each side must remain up continuously.  If his TCP
stack resets and he redials, the first packet he gets from the far end
will be met with an RST, and tear down the connection.

The easiest way to do this is to put the modem on a system different
from the SSH endpoint (router, NAT, FW, whatever).  If you are using a
NAT or FW in between, it's critical that the state/translation tables
not be flushed when the dial interface goes down/up.

Of course, if you're running TCP or ssh keepalives (or ssh2 rekeying),
and that happens when the link is down, your connection will go away

The proper way to do this is with an X analog of screen.  VNC is one
possibility.  VNC is free, and this would not require a static IP.

Then again, we're talking dialup here.  Your customer should do this a
couple of times before he gets dead set on it.  Even with LBX and
compression on the SSH session, X over dialup is unpleasant.

Eric Brandwine     |  The Windows NT philosophy always chooses ease - both
UUNetwork Security |  ease of use and ease of development - over security.
[email protected]       |
+1 703 886 6038    |      - Bruce Schneier
Key fingerprint = 3A39 2C2F D5A0 FC7C  5F60 4118 A84A BD5D  59D7 4E3E