Category Archives: FreeBSD Jails

SSH session timeout

Date published: February 18th, 2008
Posted in FreeBSD Jails, SSH

Have you ever noticed that on some Internet connections, ssh sessions will drop for no reason other than a lack of activity? I have noticed this when using ssh from some open access points and friends’ houses. The reason isn’t a poor Internet connection but actually a poor router. Most home/office routers perform NAT to connect users on a private network to the public Internet. The router must keep a table of which connections are active, mapping local IP addresses to remote servers. The problem is that if a TCP session (such as ssh) doesn’t send data for a while, the router will assume it has timed out and remove it from its NAT connection table. This results in a dropped ssh connection.

To work around this, you can set up a keepalive on your ssh connection. The keepalive sends a heartbeat check between the client and server, so the session stays active and doesn’t look dormant. You can configure this in the Windows client, PuTTY, or you can configure it in OpenSSH’s sshd on your FreeBSD VPS.

To set this up, edit /etc/ssh/sshd_config on your VPS or server and add:

ClientAliveInterval 300
ClientAliveCountMax 3

This will have sshd send a heartbeat every 5 minutes (300 seconds) and allow for up to 3 missed heartbeat responses before considering the session dead.

You must then restart sshd to apply the settings:

/etc/rc.d/sshd restart
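
To confirm what a given sshd_config actually yields, the following added example (not code from the original post) reads the two keywords the way sshd does and reports how long an unresponsive client lingers before sshd drops it. The function names, the 600-second NAT idle timeout and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes whitespace-separated
# "Keyword value" lines with values in plain seconds and no Include files.

# Print "interval countmax" as sshd would apply them globally: keywords are
# case-insensitive, the first occurrence wins, and parsing of global
# settings stops at the first Match block. Defaults: interval 0 (off), count 3.
effective_keepalive() {
    awk '
        BEGIN { interval = 0; count = 3 }
        { sub(/#.*/, "") }                 # drop comments
        NF < 2 { next }
        { key = tolower($1) }
        key == "match" { exit }            # END still runs after exit
        key == "clientaliveinterval" && !si { interval = $2; si = 1 }
        key == "clientalivecountmax" && !sc { count = $2; sc = 1 }
        END { print interval, count }
    ' "$1"
}

# Seconds until sshd drops a client that stopped answering, or "disabled".
dead_session_timeout() {
    set -- $(effective_keepalive "$1")
    if [ "$1" -eq 0 ]; then echo disabled; else echo $(( $1 * $2 )); fi
}

# Succeeds when heartbeats are sent more often than the router's NAT idle
# timeout (second argument, seconds; a value you must measure or look up).
keeps_nat_entry_alive() {
    set -- $(effective_keepalive "$1") "$2"
    [ "$1" -gt 0 ] && [ "$1" -lt "$3" ]
}

# Constructed sample config using the values from the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# keepalive settings
clientaliveinterval 300   # first occurrence wins
ClientAliveCountMax 3
ClientAliveInterval 60
EOF
echo "effective: $(effective_keepalive "$sample")"
echo "dead client dropped after: $(dead_session_timeout "$sample") s"
keeps_nat_entry_alive "$sample" 600 && echo "OK for a 600 s NAT timeout"
rm -f "$sample"
```

With the values from the post, a client that stops responding is disconnected after roughly 900 seconds, so the same setting that keeps the NAT entry alive also bounds how long a dead session stays open on the server.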

Cheers

FreeBSD Mirror

Date published: September 28th, 2007
Posted in FreeBSD Jails, RootBSD

A few weeks ago we set up a local cvsup mirror for FreeBSD at mirror.rootbsd.net that is updated every 12 hours and can be accessed by any RootBSD customers. As part of our setup process we install the most recent version of the ports tree to the new systems, but you will most likely wish to update your ports tree and installed ports from time to time. You can easily do this from the command line by executing the command:

csup /usr/share/examples/cvsup/ports-supfile

Our servers are now preconfigured to automatically use our local mirror, but if you received your server/VPS before the mirror was established, you will have to add the option “-h mirror.rootbsd.net” to the above command. The command generates a lot of output, which you can suppress by adding -L 0 to the command. It should take only a minute or so, and once it returns your ports tree is fully updated.

Patch for FreeBSD 6.2 jails

Date published: September 26th, 2007
Posted in FreeBSD Jails

I’ve actually made a number of changes after my original patch in the past month or so to fix a number of problems with page faults from the original patch. These page faults were caused by a null pointer in thread structures during forking. It seems to be fairly easy to demonstrate this issue by executing any program that does a decent amount of forking from inside a jail. I’m not exactly sure why these values are null, but it seems to be well outside the context of these patches. I added some simple checks for this null value and that seems to have cleared things up.

[Patch no longer available as of 02/29/2016]. It applies against the original version of src/sys/kern/kern_jail.c so you will need to revert it if you had previously tried to patch it.

I’ve done this work on 6.2 so I can’t say if this patch will work on other versions. This patch also includes the changes to get memory limits to be displayed. Let me know how it goes.