12 October 2004

Prevent ssh connection timeouts

posted 9:30 PM UTC in Apple

The background:
I have an old bondi iMac at home which runs OS X. It also runs a VNC server so that I can connect to it from work (forwarded over ssh, of course) and check my personal mail, stay connected to IRC, and if necessary check our website from an outside connection.

The Mac sits behind a Linksys DSL router.

The problem:
As pointed out in the Linksys FAQ at Broadband Reports, some home routers will drop connections that go idle for two hours. This means I have to keep reconnecting to the machine at home if I want to maintain my VNC connection. Frequently, I’ll connect to the machine, check for anything interesting going on, and then hide the connection and continue working. When I try to pull up the VNC window later on, it rudely informs me that the connection has been lost. For shame!

The solution:
Change the TCP KeepAlive setting for OS X on the home computer, as mentioned in the above document. For OS X v10.3, this involves modifying the net.inet.tcp.keepidle value at the kernel level via sysctl, as shown here. Note that the value used represents an interval in seconds, and the value itself must be set to twice the number of seconds in the delay. I decided to set the value to one hour, or 3600 seconds, so in the Terminal, I typed:

sudo sysctl -w net.inet.tcp.keepidle=7200

Sure enough, even after leaving the connection idle for more than two hours, I was not disconnected. Hooray!

Now, this change isn’t permanent, and will be forgotten once the computer restarts. To make the change permanent, add this line to the /etc/sysctl.conf file in 10.3 (if it doesn’t already exist, just create a new one, but make sure it’s chowned to root:admin):

net.inet.tcp.keepidle=7200
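One way to make the /etc/sysctl.conf change repeatable, as an added example that is not part of the original post: the hypothetical helper set_sysctl_conf replaces an existing assignment of a key or appends one, so running it twice still leaves a single line. The file path is a parameter so it can be tried on a scratch copy first.

```shell
#!/bin/sh
# Added example: idempotently set "key=value" in a sysctl.conf-style file.
# set_sysctl_conf is a hypothetical helper name, not an OS X tool.
# Usage: set_sysctl_conf FILE KEY VALUE

set_sysctl_conf() {
    conf=$1
    key=$2
    value=$3
    tmp=$(mktemp "${TMPDIR:-/tmp}/sysctl.XXXXXX") || return 1

    if [ -f "$conf" ]; then
        # Drop any existing assignment of exactly this key (with or without
        # spaces around "="); keep every other line, comments included.
        # index()/substr() are used instead of a regex so the dots in the
        # key are matched literally.
        awk -v k="$key" '
            { line = $0; sub(/^[ \t]+/, "", line) }
            index(line, k) == 1 && substr(line, length(k) + 1) ~ /^[ \t]*=/ { next }
            { print }
        ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    fi

    # Append the single authoritative assignment.
    printf '%s=%s\n' "$key" "$value" >> "$tmp"

    # Write back through redirection so an existing file keeps its owner and
    # mode; a missing file is created with the caller's defaults.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}
```

On the real file this would be run as root against /etc/sysctl.conf with the key and value shown above, followed by the chown to root:admin when the file is newly created.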

It’s not really a good idea to set the KeepAlive time too low, as it could affect network latency and traffic. For my purposes, anything less than the default two hours is probably sufficient. I’ll test the one hour setting for a while to see if there are any ill effects.

Of course, this also means I need to actually remember to log out at the end of the day…
