<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Fri, Aug 1, 2014 at 9:51 PM, Richard L. Hamilton <span dir="ltr"><<a href="mailto:rlhamil@smart.net" target="_blank">rlhamil@smart.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">While there are a couple of server (/etc/sshd_config) parameters for keepalives, I doubt they would force an idle timeout (notwithstanding a lot of people claiming that they will).</blockquote>
</div><br>TcpKeepAlive would, but it's almost always disabled and the timeout there is typically measured in hours.</div><div class="gmail_extra"><br></div><div class="gmail_extra">The ServerAlive*/ClientAlive* also would but is default disabled in clients, and I don't think Apple has changed this. (It's typically enabled in servers, but that only means that clients can request it; it will not do anything if the client has it disabled.)<br>
<br>Much more commonly than either of those, this is caused not by ssh configuration, but by a NAT gateway in between the systems; if the NAT table overflows, older connections will be lost (overwritten by newer connections), and attempting to use them after that will result in them dying immediately as the gateway, having forgotten about the connection, responds with an RST. Where OS X versions figure into this is that every OS X version uses more and more network sockets even when idle; I in particular found that 10.7 and later would *all by themselves* cause many older commodity router/NAT/WiFi gateways to overflow their NAT tables. (I've switched to loading DD-WRT on routers or buying ones that have it preloaded, although I expect newer commodity routers have larger tables because Windows has also expanded its network usage in later versions.)<br clear="all">
<div><br></div>-- <br><div dir="ltr"><div>brandon s allbery kf8nh sine nomine associates</div><div><a href="mailto:allbery.b@gmail.com" target="_blank">allbery.b@gmail.com</a> <a href="mailto:ballbery@sinenomine.net" target="_blank">ballbery@sinenomine.net</a></div>
<div>unix, openafs, kerberos, infrastructure, xmonad <a href="http://sinenomine.net" target="_blank">http://sinenomine.net</a></div></div>
</div></div>