SSH timeout

[achianese]

Hello,

I have a synchronization task between a client and my FreeNAS 9.10-STABLE machine that runs unison over ssh. The comparison takes about 20 minutes, which would cause ssh to timeout with the default settings. In a previous version of FreeNAS, adding "ClientAliveCountMax 100" to the SSH advanced settings in the GUI fixed the issue. With a recent update, the issue has reappeared. There was formerly a bug where the SSH advanced settings were not being applied:

https://bugs.freenas.org/issues/5989

I used to be able to work around this by adding that line to /etc/ssh/sshd_config, then running "service sshd restart" after every reboot. Now, that doesn't work, giving the error:

Cannot 'restart' sshd. Set sshd_enable to YES in /etc/rc.conf or use 'onerestart' instead of 'restart'.

Has the implementation of ssh server changed? Does anyone know how to manually change the ssh settings?

Here are some older threads on this topic from former versions:

https://forums.freenas.org/index.php?threads/changing-a-line-in-sshd_config.23258/
http://forums.freenas.org/index.php?threads/sshd_config-tweaking.10428/#post-46828

 

[Vito Reiter]

Start a tmux session, so it'll stay up and you can resume with tmux if it times out. Also, I just use Putty, but tmux is basically what you're looking for.

 

[achianese]

Thanks, but I'm not sure that will work. Unison executes on Windows and connects to the server via ssh. (And it runs as a scheduled task).

 

[dlavigne]

I used to be able to work around this by adding that line to /etc/ssh/sshd_config, then running "service sshd restart" after every reboot. Now, that doesn't work, giving the error:

Cannot 'restart' sshd. Set sshd_enable to YES in /etc/rc.conf or use 'onerestart' instead of 'restart'.

Does it work if you stop and start the SSH service in Services?

 

[achianese]

Thanks, dlavigne. Using the GUI does work to stop and start the SSH service. However, it doesn't appear that the change in settings in /etc/ssh/sshd_config takes hold. I still see the timeout even with "ClientAliveCountMax 100". I also tried adding a port in addition to 22 to see if that would work (manually editing sshd_config and then restarting SSH in the GUI), and it didn't seem to either.

 

[dlavigne]

However, it doesn't appear that the change in settings in /etc/ssh/sshd_config takes hold.

That makes sense as anything done outside of the GUI doesn't get saved to the config db. Instead, add that line in the Extra Options field of the SSH service.

 

[achianese]

Instead, add that line in the Extra Options field of the SSH service.

Yes, that's what I did originally. It used to work, but it stopped working after a recent update. I think that the Extra Options are broken.

 

[dlavigne]

Before creating a bug about that, can you confirm what happens in /etc/ssh/sshd_config when you add a line to Extra Options and restart the SSH service? Does the line show up at all?

 

[achianese]

Ok, I confirmed that. Neither "ClientAliveCountMax 100" nor "Port 65005" was added into sshd_config when I added it to Extra Options, then turned the SSH service off and on in the GUI.

I shouldn't have to reboot the machine, right?

 

[dlavigne]

Correct. Please create a report at bugs.freenas.org and post the issue number here.

 

[achianese]

Thanks, I created the bug report:

https://bugs.freenas.org/issues/24066

 

[achianese]

Update: After submitting the bug report, William Grzybowski noted that the sshd configuration has moved to /usr/local/etc/ssh/sshd_config. That file was actually getting the proper updates. Once I was able to confirm that, I realized that the problem was that my sync comparison had grown until it was longer than the time the server was waiting (which is ClientAliveInterval * ClientAliveCountMax) in seconds. I increased the timeout and then it worked.

Thanks for your help.