Solved

Mysterious loss of telnet session connections

Posted on 2002-06-27
7
474 Views
Last Modified: 2013-12-27
Got Solaris 8 (with latest 8_Recommended patches) running on a Sun Blade 100.  Mysterious thing is that on this box only (there are a couple other nearly identical machines where I don't have this problem), I'm having a very hard time keeping idle telnet sessions open.  Once left unattended, the telnet session abruptly disconnects after somewhere between 10 minutes and 5 hours of idle time.  I haven't been able to pinpoint what causes the variance in time, but it definitely happens each time even though the actual timing is inconsistent.

The users in question have /bin/sh as their shell and no TIMEOUT or similar environment variable set.

Any suggestions as to why these sessions are being disconnected and how to trace back the cause of the disconnect?  Happens when directly connected to the machine via the local ethernet segment, remote connection via dialup and via VPN.
0
Comment
Question by:tphipps
  • 3
  • 2
  • 2
7 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7113373
Solaris has a TCP-timeout for idle connections which is 2 hours, usually. Not shure if this applies to Solaris 8 too.
0
 
LVL 38

Accepted Solution

by:
yuzh earned 100 total points
ID: 7115487
Check the /etc/saf/zsmon/_pmtab file to see if timeout is set, you can delete the timeout entry (make a backup of the
file before you use vi to cahnge it.

Here' some infor about the file format:


/etc/saf/*/_pmtab:

  {svc_tag}:{flags}:{id}:reserved:reserved:reserved:
  {device_path}:{tty_flags}:{return_count}:{service_path}:{timeout_seconds}:
  {tty_def}:{streamio_modules}:{login_prompt}:{disabled_msg}:{term_type}:
  {softcar_yn}:# {comment}

/etc/saf/_smtab:

  {pm_tag}:{pm_type}:{flags}:{restart_count}:{monitor_path args} # comment

   
0
 

Author Comment

by:tphipps
ID: 7115829
Thanks for the suggesions yuzh.

My /etc/saf/zsmon/_pmpipe file only references the hardwired serial ports /dev/ttya and /dev/ttyb.  It doesn't reference any of the pseudo ttys created for telnet sessions.  I was under the assumption that entries in this file are only for physically connected devices.  Am I wrong?  Should I try to create entries for the pts/n devices?

Here's my contents of the file

# VERSION=1
ttya:u:root:reserved:reserved:reserved:/dev/term/a:I::/usr/bin/login::9600:ldter
m,ttcompat:ttya login\: ::tvi925:y:#
ttyb:u:root:reserved:reserved:reserved:/dev/term/b:I::/usr/bin/login::9600:ldter
m,ttcompat:ttyb login\: ::tvi925:y:#
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 38

Expert Comment

by:yuzh
ID: 7120877
It looks like the timeout is set in somewhere else on your system, please don't edit the /etc/saf/*/_pmtab. We'll try
to find the source of the configuration setting.

Have a look at your /etc/default/login file for the shell timeout, if you see
TIMEOUT=300  (or other value), comment it out, and then reboot your system, see how it goes.

 

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7121278
> .. then reboot your system,
This is UNIX, not M$. You don't need to reboot ;-)
0
 

Author Comment

by:tphipps
ID: 7121298
I think I've solved this.  It appears to be two different factors:

1) Whe connected to the machine (it's at home) from work, the dropped sessions can be blamed on a 600 second idle TCP timeout that our firewall seems to have in place for all outbound sessions.

2) When connected to the machine from home on the local segment, the dropped connections can most often be traced back to VPN connect/disconnects.  It seems that about 50% of the time I initiate a VPN (Cisco VPN client) connection, it drops existing TCP connections to local hosts.

Thanks all for the suggions. Giving points to yuzh given that I learned a lot about the /etc/saf* tree in the process!
0
 

Author Comment

by:tphipps
ID: 7121299
Thanks Yuzh... This wasn't the solution, but some good info.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
netstat -a in AIX unix 8 36
Can I delete authorized_keys in FreeBSD 1 76
Invalid password trying to cannect to Unix server 2 68
Python Assistance 7 73
This tech tip describes how to install the Solaris Operating System from a tape backup that was created using the Solaris flash archive utility. I have used this procedure on the Solaris 8 and 9 OS, and it shoudl also work well on the Solaris 10 rel…
Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now