If you've ever tried setting up an SSH tunnel to connect through a bastion host, you might have run into this frustrating issue:
client_loop: send disconnect: Broken pipe
This happens after a few minutes of idle time and typically means your SSH tunnel was dropped due to inactivity.
🎯 The Use Case
You're trying to securely forward a local port to Amazon DocumentDB using a bastion host, like this:
ssh -i "my-bastion-host-key-pair.pem" \
-L 27017:docdb-dima-1.cluster-xxxxxxxxxxxx.us-east-1.docdb.amazonaws.com:27017 \
ec2-user@ec2-YYY-YYY-YYY-YYY.compute-1.amazonaws.com -N
It works for a short time, but then, poof! The connection dies with the infamous Broken pipe error.
🛠️ The Problem
SSH connections can be terminated by the server (or an intermediate firewall/NAT/router) if they are idle for too long. This is common in cloud environments where aggressive timeout settings are used to conserve resources.
✅ The Fix
To keep the connection alive, you can configure your SSH client to send periodic keep-alive messages. This is done using two SSH options:
- ServerAliveInterval=60: Sends a keep-alive message through the encrypted channel whenever 60 seconds pass without any data from the server.
- ServerAliveCountMax=3: If the server doesn't respond to 3 consecutive keep-alive messages, the client will disconnect.
🔐 Updated Command
Here's the improved SSH command with keep-alive settings:
ssh -i "my-bastion-host-key-pair.pem" \
-o ServerAliveInterval=60 \
-o ServerAliveCountMax=3 \
-L 27017:docdb-dima-1.cluster-xxxxxxxxxxxx.us-east-1.docdb.amazonaws.com:27017 \
ec2-user@ec2-YYY-YYY-YYY-YYY.compute-1.amazonaws.com -N
This will keep your tunnel alive even during idle periods, and should prevent those unexpected disconnects.
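To confirm the keep-alive options are really in effect (for instance when they are set in ~/.ssh/config instead of with -o), you can inspect the effective client configuration that `ssh -G` prints. The following is an added example, not part of the original post; the function name `keepalive_summary`, the host `bastion.example` and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the keep-alive settings found in `ssh -G` output.
# `ssh -G <host>` prints the effective client configuration as lowercase
# "keyword value" lines. Real usage (host name is a placeholder):
#   ssh -G -o ServerAliveInterval=60 -o ServerAliveCountMax=3 bastion.example \
#     | keepalive_summary

keepalive_summary() {
    awk '
        $1 == "serveraliveinterval" { interval = $2; seen_i = 1 }
        $1 == "serveralivecountmax" { count = $2; seen_c = 1 }
        END {
            if (!seen_i) interval = 0   # OpenSSH default: keep-alives off
            if (!seen_c) count = 3      # OpenSSH default
            if (interval + 0 == 0) {
                # No keep-alives: an idle tunnel depends on NAT/firewall timers.
                print "disabled"
                exit 1
            }
            # An unresponsive server is dropped after interval * count seconds.
            printf "enabled interval=%d count=%d dead_after=%ds\n",
                   interval, count, interval * count
        }
    '
}

# Constructed sample of `ssh -G` output with the settings from this post.
SAMPLE_WITH_KEEPALIVE='hostname bastion.example
user ec2-user
serveraliveinterval 60
serveralivecountmax 3'

# Constructed sample showing the OpenSSH defaults (keep-alives disabled).
SAMPLE_DEFAULTS='hostname bastion.example
user ec2-user
serveraliveinterval 0
serveralivecountmax 3'

printf '%s\n' "$SAMPLE_WITH_KEEPALIVE" | keepalive_summary
printf '%s\n' "$SAMPLE_DEFAULTS" | keepalive_summary || echo "keep-alives are off"
```

The function exits non-zero when keep-alives are disabled, so it can gate a wrapper script that opens the tunnel.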