guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark van den Boogaard <Mark.vanden.Booga...@davantigroup.com>
Subject Re: Timeout SSH session
Date Fri, 10 Feb 2017 07:11:55 GMT
I just was reading that article after Mike's comment ;-). It seems to be valid in our case,
but... The servers we are connecting to are not our servers. We support an application on
those servers and most of the times we don't have any root access.
At client side with a "normal" ssh client (the default on any linux client) it is possible
to implement "ServerAliveInterval" on client side so it will send every x seconds a "alive"
message. Is it possible to implement this (or something similar) in Guacamole?


--

Met vriendelijke groet / with kind regards,

Mark van den Boogaard
Linux specialist

[cid:1486710713.5477.65.camel@davantigroup.com]​​

Mob: +31 6 82241436
E-Mail: mark.van.den.boogaard@davantigroup.com<mailto:mark.van.den.boogaard@davantigroup.com>
Web: www.davantigroup.com<http://www.davantigroup.com>

Davanti Warehousing B.V.
Hogeweg 35E, Postbus 2601, 5300 CB Zaltbommel

-----Original Message-----
From: Paul Cantle <paul@cantle.me<mailto:Paul%20Cantle%20%3cpaul@cantle.me%3e>>
Reply-to: <user@guacamole.incubator.apache.org>
To: user@guacamole.incubator.apache.org <user@guacamole.incubator.apache.org<mailto:%22user@guacamole.incubator.apache.org%22%20%3cuser@guacamole.incubator.apache.org%3e>>,
user@guacamole.incubator.apache.org <user@guacamole.incubator.apache.org<mailto:%22user@guacamole.incubator.apache.org%22%20%3cuser@guacamole.incubator.apache.org%3e>>
Subject: Re: Timeout SSH session
Date: Fri, 10 Feb 2017 07:04:56 +0000

Have a look here to adjust the server side settings

https://docs.oseems.com/general/application/ssh/disable-timeout

Maybe that will help





On Fri, Feb 10, 2017 at 6:51 AM +0000, "Mike Jumper" <mike.jumper@guac-dev.org<mailto:mike.jumper@guac-dev.org>>
wrote:

Could it be the SSH server itself that is timing out the session? If I remember correctly,
sshd does have client timeout settings.

- Mike


On Thu, Feb 9, 2017 at 10:34 PM, Mark van den Boogaard <Mark.vanden.Boogaard@davantigroup.com<mailto:Mark.vanden.Boogaard@davantigroup.com>>
wrote:
Hi,

I did some tests. After half an hour of inactivity the session is not responding anymore.
I did a ping on the same time but didn't had any packet loss.
We are using Guacamole 0.9.10 with MySQL (MariaDB) backend and LDAP authentication (to Active
Directory) on CentOS 7.3.1611.
We are using Apache as proxy

[root<mailto:root@dvguac02> ~]# mysql --version
mysql  Ver 15.1 Distrib 10.1.21-MariaDB, for Linux (x86_64) using readline 5.1

[root<mailto:root@dvguac02> ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)

[root<mailto:root@dvguac02> ~]# cat /etc/httpd/conf.d/guacamole.conf
ProxyPass / http://localhost:8080/guacamole/ flushpackets=on
ProxyPassReverse / http://localhost:8080/guacamole/
ProxyPassReverseCookiePath /guacamole/ /

<Location /websocket-tunnel>
    Order allow,deny
    Allow from all
    ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
    ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel
</Location>

/var/log/messages:
Feb 10 06:49:45 <hostname> guacd[33566]: Creating new client for protocol "ssh"
Feb 10 06:49:45 <hostname> guacd[33566]: Connection ID is "$98447e17-d5ae-4b65-879d-b766e7888a78"
Feb 10 06:49:45 <hostname> guacd[10483]: User "@1460e686-4dc3-401d-8ba9-0686d98bc348"
joined connection "$98447e17-d5ae-4b65-879d-b766e7888a78" (1 users now present)
Feb 10 06:49:45 <hostname> server: 06:49:45.156 [http-bio-8080-exec-1089] INFO  o.a.g.tunnel.TunnelRequestService
- User "boogaardvandenm" connected to connection "157".
Feb 10 06:49:45 <hostname> guacd[10483]: SSH connection successful.
Feb 10 06:50:01 <hostname> systemd: Created slice user-0.slice.
Feb 10 06:50:01 <hostname> systemd: Starting user-0.slice.
Feb 10 06:50:01 <hostname> systemd: Started Session 3100 of user root.
Feb 10 06:50:01 <hostname> systemd: Starting Session 3100 of user root.
Feb 10 06:50:01 <hostname> systemd: Removed slice user-0.slice.
Feb 10 06:50:01 <hostname> systemd: Stopping user-0.slice.
Feb 10 06:57:18 <hostname> systemd: Starting Cleanup of Temporary Directories...
Feb 10 06:57:18 <hostname> systemd: Started Cleanup of Temporary Directories.
Feb 10 07:00:01 <hostname> systemd: Created slice user-0.slice.
Feb 10 07:00:01 <hostname> systemd: Starting user-0.slice.
Feb 10 07:00:01 <hostname> systemd: Started Session 3101 of user root.
Feb 10 07:00:01 <hostname> systemd: Starting Session 3101 of user root.
Feb 10 07:00:01 <hostname> systemd: Removed slice user-0.slice.
Feb 10 07:00:01 <hostname> systemd: Stopping user-0.slice.
Feb 10 07:01:01 <hostname> systemd: Created slice user-0.slice.
Feb 10 07:01:01 <hostname> systemd: Starting user-0.slice.
Feb 10 07:01:01 <hostname> systemd: Started Session 3102 of user root.
Feb 10 07:01:01 <hostname> systemd: Starting Session 3102 of user root.
Feb 10 07:01:01 <hostname> systemd: Removed slice user-0.slice.
Feb 10 07:01:01 <hostname> systemd: Stopping user-0.slice.
Feb 10 07:10:01 <hostname> systemd: Created slice user-0.slice.
Feb 10 07:10:01 <hostname> systemd: Starting user-0.slice.
Feb 10 07:10:01 <hostname> systemd: Started Session 3103 of user root.
Feb 10 07:10:01 <hostname> systemd: Starting Session 3103 of user root.
Feb 10 07:10:01 <hostname> systemd: Removed slice user-0.slice.
Feb 10 07:10:01 <hostname> systemd: Stopping user-0.slice.
Feb 10 07:20:01 <hostname> systemd: Created slice user-0.slice.
Feb 10 07:20:01 <hostname> systemd: Starting user-0.slice.
Feb 10 07:20:01 <hostname> systemd: Started Session 3104 of user root.
Feb 10 07:20:01 <hostname> systemd: Starting Session 3104 of user root.
Feb 10 07:20:01 <hostname> systemd: Removed slice user-0.slice.
Feb 10 07:20:01 <hostname> systemd: Stopping user-0.slice.


Ping statistics:
--- 172.x.y.z ping statistics ---
1853 packets transmitted, 1851 received, 0% packet loss, time 1854742ms
rtt min/avg/max/mdev = 19.376/20.550/37.963/2.018 ms


If anybody has an idea or if I have to create a bug, please let me know.


--

Met vriendelijke groet / with kind regards,

Mark van den Boogaard
Linux specialist

[cid:1486710713.5477.65.camel@davantigroup.com]​​

Mob: +31 6 82241436<tel:+31%206%2082241436>
E-Mail: mark.van.den.boogaard@davantigroup.com<mailto:mark.van.den.boogaard@davantigroup.com>
Web: www.davantigroup.com<http://www.davantigroup.com>

Davanti Warehousing B.V.
Hogeweg 35E, Postbus 2601, 5300 CB Zaltbommel

-----Original Message-----
From: Mark van den Boogaard <Mark.vanden.Boogaard@davantigroup.com<mailto:Mark%20van%20den%20Boogaard%20%3cMark.vanden.Boogaard@davantigroup.com%3e>>
Reply-to: <user@guacamole.incubator.apache.org<mailto:user@guacamole.incubator.apache.org>>
To: user@guacamole.incubator.apache.org<mailto:user@guacamole.incubator.apache.org>
<user@guacamole.incubator.apache.org<mailto:%22user@guacamole.incubator.apache.org%22%20%3cuser@guacamole.incubator.apache.org%3e>>
Subject: Re: Timeout SSH session
Date: Mon, 6 Feb 2017 13:03:31 +0000

Hi,

This will make a bit more clear to me. At the moment it is just happening randomly ( I couldn't
find out any pattern yet except the inactivity).
I will try to figure out when it happens so we can maybe reproduce it. I will also try to
figure out if it can happen because of underlaying network issues. If I have some more info
(or not if there is none...) , I will come back.


--

Met vriendelijke groet / with kind regards,

Mark van den Boogaard
Linux specialist

[cid:1486710713.5477.65.camel@davantigroup.com]​​

Mob: +31 6 82241436<tel:+31%206%2082241436>
E-Mail: mark.van.den.boogaard@davantigroup.com<mailto:mark.van.den.boogaard@davantigroup.com>
Web: www.davantigroup.com<http://www.davantigroup.com>

Davanti Warehousing B.V.
Hogeweg 35E, Postbus 2601, 5300 CB Zaltbommel

-----Original Message-----
From: Mike Jumper <mike.jumper@guac-dev.org<mailto:Mike%20Jumper%20%3cmike.jumper@guac-dev.org%3e>>
Reply-to: <user@guacamole.incubator.apache.org<mailto:user@guacamole.incubator.apache.org>>
To: user@guacamole.incubator.apache.org<mailto:user@guacamole.incubator.apache.org>
Subject: Re: Timeout SSH session
Date: Sun, 5 Feb 2017 11:52:58 -0800

On Thu, Feb 2, 2017 at 2:45 AM, Mark van den Boogaard <Mark.vanden.Boogaard@davantigroup.com<mailto:Mark.vanden.Boogaard@davantigroup.com>>
wrote:
Hello all,

We are using guacamole for a couple of months now but we have some problems with SSH connections.
We connect to our customers with guacamole via a VPN tunnel. Sometimes we keep the SSH-session
open but we don't use it for a while. Often the SSH-session freezes when we want to use it
again. Is there some way to keep the SSH-session alive until we logout or until the session
timeout kicks in?


Guacamole's session timeout only takes effect once all connections are closed. If a user has
an SSH connection open, they should stay logged in, regardless of whether they are actively
using that connection. As far as Guacamole is concerned, as long as the connection is open,
the user is active.

What you describe sounds like a bug, assuming there isn't some underlying network issue causing
the disconnect. Is this reliably reproducible? Do you see anything logged by guacd or Tomcat
when the connection unexpectedly terminates?

- Mike


--

Met vriendelijke groet / with kind regards,

Mark van den Boogaard
Linux specialist

[cid:1486710713.5477.65.camel@davantigroup.com]​​

Mob: +31 6 82241436<tel:+31%206%2082241436>
E-Mail: mark.van.den.boogaard@davantigroup.com<mailto:mark.van.den.boogaard@davantigroup.com>
Web: www.davantigroup.com<http://www.davantigroup.com>

Davanti Warehousing B.V.
Hogeweg 35E, Postbus 2601, 5300 CB Zaltbommel



Mime
View raw message