DEV Community

Dmitry Romanoff
Dmitry Romanoff

Posted on

Fixing "Broken Pipe" SSH Tunnel Disconnects When Connecting via Bastion

If you've ever tried setting up an SSH tunnel to connect through a bastion host, you might have run into this frustrating issue:

client_loop: send disconnect: Broken pipe
Enter fullscreen mode Exit fullscreen mode

This happens after a few minutes of idle time and typically means your SSH tunnel was dropped due to inactivity.

🎯 The Use Case

You're trying to securely forward a local port to Amazon DocumentDB using a bastion host, like this:

ssh -i "my-bastion-host-key-pair.pem" \
    -L 27017:docdb-dima-1.cluster-xxxxxxxxxxxx.us-east-1.docdb.amazonaws.com:27017 \
    ec2-user@ec2-YYY-YYY-YYY-YYY.compute-1.amazonaws.com -N
Enter fullscreen mode Exit fullscreen mode

It works for a short time, but then—poof! The connection dies with the infamous Broken pipe error.

🛠️ The Problem

SSH connections can be terminated by the server (or an intermediate firewall/NAT/router) if they are idle for too long. This is common in cloud environments where aggressive timeout settings are used to conserve resources.

✅ The Fix

To keep the connection alive, you can configure your SSH client to send periodic keep-alive messages. This is done using two SSH options:

  • ServerAliveInterval=60: Sends a keep-alive packet every 60 seconds.
  • ServerAliveCountMax=3: If the server doesn't respond to 3 consecutive keep-alive messages, the client will disconnect.

🔐 Updated Command

Here's the improved SSH command with keep-alive settings:

ssh -i "my-bastion-host-key-pair.pem" \
    -o ServerAliveInterval=60 \
    -o ServerAliveCountMax=3 \
    -L 27017:docdb-dima-1.cluster-xxxxxxxxxxxx.us-east-1.docdb.amazonaws.com:27017 \
    ec2-user@ec2-YYY-YYY-YYY-YYY.compute-1.amazonaws.com -N
Enter fullscreen mode Exit fullscreen mode

This will keep your tunnel alive even during idle periods, and should prevent those unexpected disconnects.


Thanks for reading! If this helped you, leave a ❤️ on the post.

Top comments (0)