Ssh connection “client_loop: send disconnect: Broken pipe” or “Connection reset by port 22”

macosport-forwardingssh

I have been using ssh to access remote servers for many months, but recently I haven't been able to establish a reliable connection. Sometimes I cannot login and get the message "Connection reset by port 22", when I can login I get the error message "client_loop: send disconnect: Broken pipe" in a few minutes (even if the terminal is not idle).

My ~/.ssh/config file has:

Host *  

     ServerAliveInterval 300
     ServerAliveCountMax 2
     TCPKeepAlive yes

My /etc/ssh/sshd_config file has:

#ClientAliveInterval 300
#ClientAliveCountMax 3

I recently upgraded my xfinity plan to a faster speed and the problem started happening then. But xfinity insists the issue is on my end. Note that my roommate also has the same issue with ssh…

Is there something that I'm missing on my end? Any help would be greatly appreciated!
(I'm running on a Mac)

Best Answer

I solved the same problem by editing the file ~/.ssh/config to have:

Host *
    ServerAliveInterval 20
    TCPKeepAlive no

Motivation:

TCPKeepAlive no means "do not send keepalive messages to the server". When the opposite, TCPKeepAlive yes, is set, then the client sends keepalive messages to the server and requires a response in order to maintain its end of the connection. This will detect if the server goes down, reboots, etc. The trouble with this is that if the connection between the client and server is broken for a brief period of time (due to flaky a network connection), this will cause the keepalive messages to fail, and the client will end the connection with "broken pipe".

Setting TCPKeepAlive no tells the client to just assume the connection is still good until proven otherwise by a user request, meaning that temporary connection breakages while your ssh term is sitting idle in the background won't kill the connection.

Related Solutions

SSH – How Does TCP-Keepalive Work in SSH

You probably want to use the ServerAlive settings for this. They do not require any configuration on the server, and can be set on the command line if you wish.

ssh -o ServerAliveInterval=5 -o ServerAliveCountMax=1 $HOST

This will send a ssh keepalive message every 5 seconds, and if it comes time to send another keepalive, but a response to the last one wasn't received, then the connection is terminated.

The critical difference between ServerAliveInterval and TCPKeepAlive is the layer they operate at.

TCPKeepAlive operates on the TCP layer. It sends an empty TCP ACK packet. Firewalls can be configured to ignore these packets, so if you go through a firewall that drops idle connections, these may not keep the connection alive.
ServerAliveInterval operates on the ssh layer. It will actually send data through ssh, so the TCP packet has encrypted data in and a firewall can't tell if its a keepalive, or a legitimate packet, so these work better.

SSH – Fix Broken Pipe During Connection on Fedora

vi /etc/ssh/sshd_config

Change value of UsePrivilegeSeparation into yes.

I using fedora23, and I met the same with you, try my solution above, maybe it works. It looks like a problem about openssh-server-7.2p2-1.

Best Answer

Related Solutions

SSH – How Does TCP-Keepalive Work in SSH

SSH – Fix Broken Pipe During Connection on Fedora

Related Question