I'm doing some research on this now. As far as day long garbage collection vs 30 minutes or whatever. I'm not sure if on the pix you can do tcp timeouts for a specific port. If you cannot, then a 30 minute timeout vs day long timeout for say, port 80, is a very big difference. Each connection is tracked by the pix so there could be memory issues there. I don't control the settings on the pix anyway but there may be some timeout settings we can put in ssh on cvs, and on tcp on cvs. Alternatively there's probably some config settings on the client that might help.

We run in to this issue with more then cvs so it's probably time to get it figured out.

You can add this to you ssh config to make ssh generate a tiny bit of traffic every 450 seconds:

ServerAliveInterval 450

The best value depends on how long the actual timeout is.

Thanks for this tip, this makes working with ssh a lot faster. Maybe a better workaround or fix for this issue would be a little wrapper script around ssh that recreates a new ssh master in case none exists. Then there is only a speed penalty every 30 minutes for the first cvs command, but the following are already a lot faster.

Writing a wrapper script was not so hard:

{{{
$ cat ~/.ssh/config
Host cvs.fedoraproject.org
ControlMaster auto
ControlPath ~/.ssh/sockets/controlsocket-%h-%p-%

$ echo $CVS_RSH
/home/till/fedora-cvs-ssh.s
$ cat fedora-cvs-ssh.sh

! /bin/bash

/usr/bin/test -e ~/.ssh/sockets/controlsocket-cvs.fedoraproject.org-22-$USER || /usr/bin/ssh -f -N cvs.fedoraproject.org </dev/null >/dev/null 2>/dev/null

exec /usr/bin/ssh -v "$@"
}}}

But I am not sure, how one can make this work with several CVS repositories. Maybe there is a better way than to set the CVS_RSH variable, e.g. setup it for each CVS repository independently.

I've been using ServerAliveInterval for some time with much success. Closing ticket.