[46208] in North American Network Operators' Group


Re: Question re. SSH

daemon@ATHENA.MIT.EDU (Eric Brandwine)
Wed Mar 20 14:33:13 2002

To: Steve Sobol <sjsobol@JustThe.net>
Cc: nanog@nanog.org
From: Eric Brandwine <ericb@UU.NET>
Date: 20 Mar 2002 19:31:19 +0000
In-Reply-To: Steve Sobol's message of "Wed, 20 Mar 2002 11:50:22 -0500"
Message-ID: <gu93cyvdojc.fsf@marvin.argfrp.us.uu.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Errors-To: owner-nanog-outgoing@merit.edu


>>>>> "ss" == Steve Sobol <sjsobol@JustThe.net> writes:

ss> Apologies in advance for any operational content this may contain.
ss> I have a customer who wants to get a static ip with his dialup. He
ss> uses SSH extensively and plans to do X11 forwarding, and if he
ss> gets disconnected and redials and gets another IP the previous
ss> sessions would be inaccessible.

ss> I can do static IP but I want to try to save the guy a couple
ss> bucks. :)

ss> Would a static IP be required to make sure he doesn't lose those
ss> X11 sessions after a disconnect?

Required, but not sufficient.

The TCP stack on each side must remain up continuously.  If his TCP
stack resets and he redials, the first packet he gets from the far end
will be met with an RST, and tear down the connection.

The easiest way to do this is to put the modem on a system different
from the SSH endpoint (router, NAT, FW, whatever).  If you are using a
NAT or FW in between, it's critical that the state/translation tables
not be flushed when the dial interface goes down/up.

Of course, if you're running TCP or ssh keepalives (or ssh2 rekeying),
and that happens when the link is down, your connection will go away
anyway.

The proper way to do this is with an X analog of screen.  VNC is one
possibility.  VNC is free, and this would not require a static IP.

Then again, we're talking dialup here.  Your customer should do this a
couple of times before he gets dead set on it.  Even with LBX and
compression on the SSH session, X over dialup is unpleasant.

ericb
-- 
Eric Brandwine     |  The Windows NT philosophy always chooses ease - both
UUNetwork Security |  ease of use and ease of development - over security.
ericb@uu.net       |
+1 703 886 6038    |      - Bruce Schneier
Key fingerprint = 3A39 2C2F D5A0 FC7C  5F60 4118 A84A BD5D  59D7 4E3E
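
The keepalive point in the message above, written out as configuration. This is an added example, not part of the original message: it assumes current OpenSSH option names (the thread names no implementation), and the host alias and address are constructed placeholders.

```sshconfig
# ~/.ssh/config on the dial-up client
# (host alias and address are constructed placeholders)
Host shellbox
    HostName 192.0.2.10
    # No kernel TCP keepalive probes: an idle session sends nothing while
    # the line is down, so nothing goes unanswered during the outage.
    TCPKeepAlive no
    # 0 disables SSH-level server-alive probes (this is the default).
    ServerAliveInterval 0
    ForwardX11 yes
    Compression yes

# /etc/ssh/sshd_config on the far end: the server must stay quiet too,
# otherwise its probes fail while the client is offline.
TCPKeepAlive no
ClientAliveInterval 0

# For contrast, the settings normally used to detect dead peers. With
# these, the server drops the session once its probes go unanswered,
# which is exactly what happens while the dial-up link is down:
#   TCPKeepAlive yes
#   ClientAliveInterval 60
#   ClientAliveCountMax 3
```

With keepalives off on both ends, sshd cannot tell a dead client from an idle one, so abandoned sessions stay allocated on the server until someone kills them. Any data either side sends while the line is down is still retransmitted by TCP and will eventually time out the connection.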
