SSH multiplexing hangs if not gracefully shut down

port-forwarding ssh ssh-tunnel

I am attempting to set up remote access to my home computer via SSH with multiplexing. Here is the setup: from my laptop, I connect to a port on my modem; this port is forwarded to my router, which then forwards it to the local desktop and I authenticate with my key. Due to multiplexing, I can then open other connections to the home box without needing to re-authenticate. This all works just as I would expect it to.

However, a problem occurs when I reboot the laptop. If I reboot, then I can no longer SSH into the home box – attempting to do so hangs for a bit without prompting me to authenticate and then eventually times out.

I can resolve the issue by restarting the home box (though that requires physical presence, which rather defeats the point). I can also avoid triggering the issue if I disconnect the SSH connection gracefully with ssh -O exit $IP -p $PORT.

Given the above, I have two questions: First, is this intended behavior or have I run into a bug? And, second, is there any way I can avoid this issue? Thanks!

(This question is superficially similar to SSH multiplex timeout configuration, but that question is about the server being rebooted/unreachable whereas my question is about the client rebooting without gracefully signaling the end of the multiplexed connection.)

[EDIT]
As requested in a comment below, here is the (not super helpful) output of attempting to connect with the -vv flag. I have slightly redacted the output by replacing my IP, username and port with $IP, $USER, and $PORT, respectively.

OpenSSH_8.1p1, LibreSSL 3.0.2
debug1: Reading configuration data /home/$USER/.ssh/config
debug1: /home/$USER/.ssh/config line 4: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname $IP is address
debug1: auto-mux: Trying existing master
debug1: Control socket "/home/$USER/.ssh/$USER@$IP:$PORT" does not exist
debug2: ssh_connect_direct
debug1: Connecting to $IP [$IP] port $PORT.
debug1: connect to address $IP port $PORT: Connection timed out
ssh: connect to host $IP port $PORT: Connection timed out

When I don't trigger this bug (and thus can successfully connect), the output with -vv is exactly the same, except that the Connection timed out line is replaced with a line stating debug1: Connection established and the connection then proceeds to authenticate normally.

Here is the entirety of my very basic .ssh/config file, in case it is relevant:

Host *
    ControlMaster auto
    ControlPath   ~/.ssh/%r@%h:%p
    ControlPersist yes
    ServerAliveInterval 300
    ServerAliveCountMax 2
    RemoteForward 9999 localhost:22

Best Answer

After digging into this a bit more (and reading the excellent book SSH Mastery), I was able to resolve my issue: Even though I had set a ServerAliveInterval in my client .ssh/config file, I had not set a ClientAliveInterval in my server sshd_config file.

As a result, the server was not timing out, and was maintaining the connection. In combination with the double-port-forwarding required to navigate my home network, this was occupying the (only) ports I had opened and preventing additional connections.

Adding a ClientAliveInterval 10 line to my sshd_config file (and remembering to restart the sshd service with sudo pkill -1 sshd) solves the issue nicely. Hopefully this info can help others solve this issue quickly.
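
How long the server holds on to a vanished client depends on ClientAliveInterval and ClientAliveCountMax together. The script below is an added example, not part of the original answer: it reads a server config and reports that time. The function names and sample files are constructed for illustration, and it assumes plain-seconds values and reads only the global section before any Match block.

```shell
#!/bin/sh
# Added example (not from the original post): estimate how long sshd keeps a
# session whose client vanished without closing the connection.
# Assumptions: only the global section before the first Match block is read,
# and values must be plain seconds.

# effective_value FILE KEYWORD DEFAULT
# sshd keywords are case-insensitive and the first occurrence wins.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                   # skip commented-out settings
        tolower($1) == "match" { exit }       # stop at conditional overrides
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# dead_client_timeout FILE
# Prints seconds until an unresponsive client is dropped, "never" when the
# probes are disabled, or "unparsed" for values this sketch cannot read.
dead_client_timeout() {
    interval=$(effective_value "$1" ClientAliveInterval 0)  # sshd default: 0 (off)
    count=$(effective_value "$1" ClientAliveCountMax 3)     # sshd default: 3
    for v in "$interval" "$count"; do
        case "$v" in
            ''|*[!0-9]*) echo unparsed; return 0 ;;
        esac
    done
    # Current OpenSSH documents a zero ClientAliveCountMax as disabling termination.
    if [ "$interval" -eq 0 ] || [ "$count" -eq 0 ]; then
        echo never
    else
        echo $((interval * count))
    fi
}

# Constructed sample configs: the server before and after the fix in the answer.
demo_dir=$(mktemp -d)
printf '%s\n' 'Port 22' '#ClientAliveInterval 0' > "$demo_dir/before"
printf '%s\n' 'Port 22' 'ClientAliveInterval 10' > "$demo_dir/after"
echo "before: $(dead_client_timeout "$demo_dir/before")"
echo "after:  $(dead_client_timeout "$demo_dir/after")"
rm -rf "$demo_dir"
```

On a live server, sudo sshd -T prints the effective values, defaults and included files resolved, and is the authoritative check.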