Heartbeat/Watchdog Patch for OpenSSH

Description

Here is a free patch for OpenSSH (portable versions). You can freely use, distribute or modify this patch, create a new patch based on it, or incorporate it into your own code, all without fee. This patch is experimental, so please use it "at your own risk". The author is not responsible for any damage caused by this patch.

This patch adds a heartbeat (keepalive) function to ssh(1). If the output channel has been silent for more than a specified time, a null message (SSH_MSG_IGNORE) is sent to the server as a heartbeat. Heartbeats are useful for keeping connections alive through IP masquerade / NAT boxes, firewalls, etc. The interval between heartbeats can be specified by

  Heartbeat N
in the configuration file, where N denotes the interval in seconds. N=0 disables sending heartbeats. The interval between heartbeats is not very precise, but that is acceptable for this purpose. If you experience undesirable disconnections behind an IP masquerade box or a NAT box,
  Heartbeat 1800
or a similar value may work.

The following ssh clients have a similar function.

There have been at least three patches for OpenSSH, and I thank all of the authors for giving me good hints about the implementation.

Note: Some old servers may crash when they receive SSH_MSG_IGNORE. Those who want to connect to such a server should turn this function off with the option setting (i.e. Heartbeat 0).

This patch also adds a watchdog timeout function to sshd(8). The combination of the heartbeat and the watchdog timeout is very useful for detecting link failures over unreliable connections such as wireless networks.

If the input channel has been silent for more than the specified time, sshd(8) tries to kill the child process(es) as soon as possible in order to protect server resources. Since the heartbeats are sent over the encrypted channel between the client and the server, it is not easy to hijack the connection in order to keep the user's processes running.
Unlike the IdleTimeout supported by ssh.com SSH1, this patch checks only incoming packets rather than all packets. This makes it possible to terminate the user's login process even if the process continues sending data to the client.

The interval of timeout can be specified by

  WatchdogTimeout N
in the configuration file, where N denotes the interval in seconds. N=0 disables the watchdog timeout function. Here is an example of the configuration pair for wireless gateways:
  Heartbeat  5       # (in ssh_config)
  WatchdogTimeout 15 # (in sshd_config)

Both ssh.com SSH and OpenSSH have a KeepAlive option. However, this option does not help here because it relies on the socket's SO_KEEPALIVE, whose timeout is extremely long (at least two hours). Therefore, we need a watchdog...
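To show how the two settings interact, here is an added simulation (my own code, not part of the patch) of the model described above: the client sends SSH_MSG_IGNORE after its output channel has been silent for more than Heartbeat seconds, and sshd kills the session after its input channel has been silent for more than WatchdogTimeout seconds. It assumes both timers are checked once per second and that a downed link delivers nothing; the scenarios at the bottom are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Set


@dataclass
class Outcome:
    killed_at: Optional[int]   # second at which sshd's watchdog fired, or None
    heartbeats: int            # SSH_MSG_IGNORE packets the client emitted


def simulate(heartbeat: int, watchdog: int, user_traffic: Set[int],
             link_down_at: Optional[int] = None, duration: int = 120) -> Outcome:
    """Step a shared clock one second at a time (assumed model, not the patch).

    heartbeat     -- ssh_config Heartbeat N (0 disables heartbeats)
    watchdog      -- sshd_config WatchdogTimeout N (0 disables the watchdog)
    user_traffic  -- seconds at which the user's own client->server packets
                     are sent; any output packet resets the heartbeat timer
    link_down_at  -- from this second on, nothing reaches the server
    """
    last_client_output = 0   # client side: when the output channel last carried data
    last_server_input = 0    # server side: when the input channel last carried data
    sent = 0
    for now in range(1, duration + 1):
        client_sent = now in user_traffic
        if not client_sent and heartbeat and now - last_client_output > heartbeat:
            client_sent = True           # output silent for more than N s: send SSH_MSG_IGNORE
            sent += 1
        if client_sent:
            last_client_output = now
            if link_down_at is None or now < link_down_at:
                last_server_input = now  # the packet actually arrived
        if watchdog and now - last_server_input > watchdog:
            return Outcome(now, sent)    # input silent for more than N s: kill the session
    return Outcome(None, sent)


if __name__ == "__main__":
    quiet = set()  # constructed scenario: the user types nothing
    print("healthy link, Heartbeat 5 / WatchdogTimeout 15:", simulate(5, 15, quiet))
    print("link down at t=40, same settings:", simulate(5, 15, quiet, link_down_at=40))
    print("misconfigured Heartbeat 20 / WatchdogTimeout 15:", simulate(20, 15, quiet))
```

In the last scenario the watchdog fires on a perfectly healthy link, which is why WatchdogTimeout must comfortably exceed Heartbeat; the 5/15 pair above leaves room for the imprecise heartbeat interval.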

Compiling patched OpenSSH

(Be sure to use GNU tar.)

  % tar zxpf openssh-2.5.2p2-watchdog.patch2.tgz
  % tar zxpf openssh-2.5.2p2.tar.gz
  % cd openssh-2.5.2p2
  % patch < ../openssh-2.5.2p2-watchdog.patch2
  (Follow the instructions of OpenSSH.)


This page: All Rights Reserved, Copyright (C) Hideaki Goto 2001
http://www.ecip.tohoku.ac.jp/~hgot/sources/openssh-watchdog.html
E-mail : hgot@ecip.tohoku.ac.jp