Active emulation sessions, connected through SSH, are being disconnected at exactly one hour intervals.

Version 1

    Problem:

    While using an SSH connection to a server, ACTIVE emulation sessions are being disconnected and the following Fatal Error appears:

    Server unexpectedly closed network connection

    This occurs at exactly one hour into a active session.  It results in a session disconnect.  The TE Client is still operative but the end user has to log back into the host. 

     

    Cause:

    When a Net Trace was captured and reviewed, it appears as though the Host is closing the session on the client.  The trace shows a FIN coming from the host indicating that the host is finished sending data. The client tries sending on the half open socket but the host tells the client that the socket is now dead with a RST (reset). 

    However, what is really happening is that the TE Client is sending a Rekey request to the server.  The request is rejected by the server and it sends the FIN. 

     

    Rekey is the renegotiation of a new SSH key between the client and the Host.  Within the emulation parameters for SSH, attributes associated with Rekey functionality can be set.  One attribute is Rekey Time.  Rekey Time allows the maximum amount of time in minuets that a SSH session can be open before the SSH key is renegotiated.  A value of 0 can be used to not force rekeying after a specific time period.  The default amount of time is 60 minutes.

     

    Unfortunately some SSH servers cannot cope with repeat key exchange at all, and will ignore attempts by the client to start one.  The effect of this would be to cause the active session to hang after an hour unless the Rekey timeout is set differently from the default.  Other very old SSH servers handle repeat key exchange by disconnecting upon receiving a repeat key exchange request.

     

    Resolution:

    Changing the default setting of the Rekey resolves the issue.  Setting the SSH Rekey Time and Rekey Data settings to 0 will result in a Rekey never being negotiated.  Of course if repeat SSH key exchange is desired, the Host parameters will need to be evaluated and set to accept Rekey requests.

    Changing the default setting of the Rekey Time to 3 Mins and watching for a disconnect,  is a quick good test to determine a Hosts acceptance the Rekey negotiation process.