Open SSH Server connection drops out after few or N minutes of inactivity

by on October 16, 2006 · 8 comments· LAST UPDATED October 16, 2006

in , ,

Open SSH Logo

I have already written about how to deny or access to users using OpenSSH. Today I am going to write about another interesting problem.

Basically this is a security feature. Ssh connection freezes or drops out after N minutes of inactivity. According to official OpenSSH man page:

"This is usually the result of a packet filter or NAT device timing out your TCP connection due to inactivity. For security, reason most enterprises only use SSH protocol version 2. This problem only occurred with version 2."

If you work for long hours using ssh and left workstation for some other work, your connection will be dropped by remote server. This may be little annoying to you. So to get rid of this problem:

Open your /etc/ssh/sshd_config file:
# vi /etc/ssh/sshd_config
Modify setting as follows:
ClientAliveInterval 30
ClientAliveCountMax 5

Where,

  • ClientAliveInterval: Sets a timeout interval in seconds (30) after which if no data has been received from the client, sshd will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will
    not be sent to the client. This option applies to protocol version 2 only.
  • ClientAliveCountMax: Sets the number of client alive messages (5) which may be sent without sshd receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session.

Close and save the file. Restart sshd:
# /etc/init.d/ssh restart
OR
# service sshd restart

Another option is enable ServerAliveInterval in the client's (your workstation) ssh_config file.
# vi /etc/ssh/ssh_config
Append/modify values as follows:
ServerAliveInterval 15
ServerAliveCountMax 3

Where,

  • ServerAliveInterval : Sets a timeout interval in seconds after which if no data has
    been received from the server, ssh will send a message through the encrypted channel to request a response from the server.

In above example, ServerAliveInterval is set to 15 and ServerAliveCountMax is left at the 3, if the server becomes unresponsive, ssh will disconnect after approximately 45 seconds. Again this option applies to protocol version 2 only.

Read the man pages of ssh, sshd and sshd_config/ssh_config for more information.

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 8 comments… read them below or add one }

1 Iain Kay April 8, 2009 at 12:08 pm

Hey thanks for this article, it was very helpful. I was not aware this problem only occurred with protocol v2 which any one serious about security will be using.
I have found setting the options on the server works best if using a good connection, but otherwise it’s much better to set on the client workstation.

Mac users wishing to edit their workstation configuration should open up terminal and issue the command sudo vi /etc/ssh_config entering your account password when requested. Then just type :wq to save and quit. Sorted.

Reply

2 Internet User September 20, 2009 at 9:33 pm

If you’re on a machine where you don’t have root access, add the following lines to make your connections stay alive:


Host *
ServerAliveInterval 240

Reply

3 Internet User September 20, 2009 at 9:37 pm

Correction:

If you’re on a machine where you don’t have root access, add the following lines to ~/.ssh/config to make your connections stay alive:


Host *
ServerAliveInterval 240

Reply

4 Ken February 27, 2011 at 4:28 am

Tried all of the above. After about 3 minutes I loose my connection to the server. GoDaddy is my provider any additional thoughts?

Reply

5 PJ Brunet March 23, 2012 at 2:29 am

I realize this is an old post, but the “ClientAliveCountMax 3″ option caused my sshfs to fail. Maybe skip this option if you can’t mount with sshfs.

Reply

6 Arunan.KL August 28, 2012 at 11:23 am

Please note that there is “send keep alive messages” option in your ssh client (putty,ssh secure, xshell,etc.,) which keeps you alive without disconnecting.

For Xshell default is 60 seconds.

Reply

7 Girish September 4, 2012 at 8:37 pm

I wish to set the timeout to 30 minutes. But I seem to have trouble with the suggested parameter. When I add the line “ClientAliveInterval 30″ to my sshd_config, and try to restart the sshd demon, it fails, The error I get is:
Bad configuration option: ServerAliveInterval

I am running CentOS 5. I’m using OpenSSH. Here is the output of the version:

$ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

Any suggestions for me? Thanks in Advance.

Thanks
Girish

Reply

8 Raul May 8, 2013 at 3:41 pm

Yes, put:
ClientAliveInterval 30
instead of
ServerAliveInterval 30
-rt

Reply

Leave a Comment

Previous post:

Next post: