oe7drt-website/content/posts/2024/70-stalled-ssh-connections/index.md

---
title: Stalled SSH connections
summary: >
  My pfSense removed valid connections obviosly.
  This is how I solved it.
  <small>The thumbnail was created with Google AI (Imagen 3).</small>
date: 2024-10-06T19:30:17+02:00
lastmod: 2024-12-17T17:24:02+0000
categories:
  - computerstuff
tags:
  - networking
  - pfSense
  - openssh
  - selfhost
---

I spent some time adjusting my SSH configuration because I often get stalled
connections to my servers but I never got that fixed until recently, when I
started looking in my firewall settings on the pfSense.

After changing the <kbd>Firewall Optimization Settings</kbd> within
<kbd>System</kbd> → <kbd>Advanced</kbd> → <kbd>Firewall & NAT</kbd> to
<kbd>Conservative</kbd> I had no more of these hangs of my SSH sessions.

![pfSense settings](pfsense-netopt-settings.png)

I use the `ControlMaster` setting in my SSH configuration so the stalled
connections have to be killed with something like

```console
$ ssh -O exit {short hostname}
```

every time -- which is annoying.

{{< alert "triangle-exclamation" >}}
**Update on December 17 2024:**  
A few changes to the SSH configuration on client and server have been made.
{{< /alert >}}

It got better, but I still experience the one or other hang.

I added/modified these entries within `Host *` in
<kbd>~/.ssh/config</kbd> on the client:

```apache
ServerAliveInterval 100
ServerAliveCountMax 10000
```

and made these changes/additions in <kbd>/etc/ssh/sshd_config</kbd>
on the server:

```apache
ClientAliveInterval 60
ClientAliveCountMax 10000
TCPKeepAlive yes
```
add and publish new post about the conservative firewall setting to not break ssh connections 2024-10-06 20:33:08 +02:00			`---`
			`title: Stalled SSH connections`
			`summary: >`
update older post with fresh thumbnail 2024-11-17 12:18:44 +01:00			`My pfSense removed valid connections obviosly.`
add and publish new post about the conservative firewall setting to not break ssh connections 2024-10-06 20:33:08 +02:00			`This is how I solved it.`
update older post with fresh thumbnail 2024-11-17 12:18:44 +01:00			`<small>The thumbnail was created with Google AI (Imagen 3).</small>`
add and publish new post about the conservative firewall setting to not break ssh connections 2024-10-06 20:33:08 +02:00			`date: 2024-10-06T19:30:17+02:00`
reformat date on old post 2024-12-17 18:24:02 +01:00			`lastmod: 2024-12-17T17:24:02+0000`
add and publish new post about the conservative firewall setting to not break ssh connections 2024-10-06 20:33:08 +02:00			`categories:`
			`- computerstuff`
			`tags:`
			`- networking`
			`- pfSense`
			`- openssh`
			`- selfhost`
			`---`

			`I spent some time adjusting my SSH configuration because I often get stalled`
			`connections to my servers but I never got that fixed until recently, when I`
			`started looking in my firewall settings on the pfSense.`

			`After changing the <kbd>Firewall Optimization Settings</kbd> within`
			`<kbd>System</kbd> → <kbd>Advanced</kbd> → <kbd>Firewall & NAT</kbd> to`
			`<kbd>Conservative</kbd> I had no more of these hangs of my SSH sessions.`

adds image to the recent post 2024-10-06 21:10:37 +02:00			`![pfSense settings](pfsense-netopt-settings.png)`

add and publish new post about the conservative firewall setting to not break ssh connections 2024-10-06 20:33:08 +02:00			I use the `ControlMaster` setting in my SSH configuration so the stalled
			`connections have to be killed with something like`

			```console
			`$ ssh -O exit {short hostname}`
			```

			`every time -- which is annoying.`
update old SSH post 2024-12-08 12:12:01 +01:00
			`{{< alert "triangle-exclamation" >}}`
reformat date on old post 2024-12-17 18:24:02 +01:00			`Update on December 17 2024:`
updates older post 2024-12-17 16:16:01 +01:00			`A few changes to the SSH configuration on client and server have been made.`
update old SSH post 2024-12-08 12:12:01 +01:00			`{{< /alert >}}`
updates older post 2024-12-17 16:16:01 +01:00
			`It got better, but I still experience the one or other hang.`

			I added/modified these entries within `Host *` in
			`<kbd>~/.ssh/config</kbd> on the client:`

			```apache
			`ServerAliveInterval 100`
			`ServerAliveCountMax 10000`
			```

			`and made these changes/additions in <kbd>/etc/ssh/sshd_config</kbd>`
			`on the server:`

			```apache
			`ClientAliveInterval 60`
			`ClientAliveCountMax 10000`
			`TCPKeepAlive yes`
			```