OpenSSH Server connection drops out after few minutes of inactivity

I have already written about how to deny access to users using OpenSSH. Today I am going to write about another interesting problem that can cause ssh connection time outs and how to increase SSH connection timeout in macOS, Linux, *BSD and Unix-like systems.
OpenSSH Server connection drops out after few minutes of inactivity

Basically, this is a security feature. Ssh connection freezes or drops out after N minutes of inactivity. According to the official OpenSSH man page:

ADVERTISEMENTS

This is usually the result of a packet filter or NAT device timing out your TCP connection due to inactivity. For security, reason most enterprises only use SSH protocol version 2. This problem only occurred with version 2.

If you work long hours using ssh and left workstation for some other work, your connection will be dropped by the remote server. It is a little annoying problem for me. So we can to get rid of this problem as follows.

Fix OpenSSH Server connection drops out after few minutes of inactivity

First, log into the remote server and then open your /etc/ssh/sshd_config file:
# vi /etc/ssh/sshd_config
Modify setting as follows:
ClientAliveInterval 30
ClientAliveCountMax 5

Where,

  • ClientAliveInterval: Sets a timeout interval in seconds (30) after which if no data has been received from the client, sshd will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. This option applies to protocol version 2 only.
  • ClientAliveCountMax: Sets the number of client alive messages (5) which may be sent without sshd receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session.

Close and save the file. Restart the sshd service:
# /etc/init.d/ssh restart
## OR ##
# service sshd restart
## For Linux+systemd ##
# systemctl restart sshd.service

Increase SSH connection timeout using client side configuration

Another option is to enable ServerAliveInterval option in the client’s $HOME/.ssh/ssh_config file. Very useful when you don’t have access to remote servers’ sshd config file. Open the terminal application and then type the following command:
$ vi ~/.ssh/ssh_config
Append/modify values as follows:
ServerAliveInterval 15
ServerAliveCountMax 3

Where,

  • ServerAliveInterval 15 : Sets a timeout interval in seconds after which if no data has been received from the server, ssh will send a message through the encrypted channel to request a response from the server. For example, set a timeout to 15 seconds.
  • ClientAliveInterval 3 : Sets the number of server alive messages which may be sent without ssh command receiving any messages back from the server. If this threshold is reached while server alive messages are being sent, ssh will disconnect from the server, terminating the session. The server alive messages are sent through the encrypted channel and therefore will not be spoofable.

For example, when ServerAliveInterval is set to 15 and ServerAliveCountMax is left at the 3, if the server becomes unresponsive, ssh will disconnect after approximately 45 seconds. Again this option applies to protocol version 2 only. You can add above options in the /etc/ssh/ssh_config file on client side for all users too. See the following tutorials for more information:

Conclusion

We can also use Mosh (mobile shell) to connect from a desktop to a server. It is similar to SSH, with additional features meant to improve usability for mobile users, especially when the frequent discussion happens. Please read the man pages of ssh, sshd and sshd_config/ssh_config for more information online here or by typing the following man command:
$ man sshd_config
$ man sshd_config
$ man sshd

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallCentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
10 comments… add one
  • Iain Kay Apr 8, 2009 @ 12:08

    Hey thanks for this article, it was very helpful. I was not aware this problem only occurred with protocol v2 which any one serious about security will be using.
    I have found setting the options on the server works best if using a good connection, but otherwise it’s much better to set on the client workstation.

    Mac users wishing to edit their workstation configuration should open up terminal and issue the command sudo vi /etc/ssh_config entering your account password when requested. Then just type :wq to save and quit. Sorted.

  • Internet User Sep 20, 2009 @ 21:33

    If you’re on a machine where you don’t have root access, add the following lines to make your connections stay alive:


    Host *
    ServerAliveInterval 240

  • Internet User Sep 20, 2009 @ 21:37

    Correction:

    If you’re on a machine where you don’t have root access, add the following lines to ~/.ssh/config to make your connections stay alive:


    Host *
    ServerAliveInterval 240

  • Ken Feb 27, 2011 @ 4:28

    Tried all of the above. After about 3 minutes I loose my connection to the server. GoDaddy is my provider any additional thoughts?

  • PJ Brunet Mar 23, 2012 @ 2:29

    I realize this is an old post, but the “ClientAliveCountMax 3” option caused my sshfs to fail. Maybe skip this option if you can’t mount with sshfs.

  • Arunan.KL Aug 28, 2012 @ 11:23

    Please note that there is “send keep alive messages” option in your ssh client (putty,ssh secure, xshell,etc.,) which keeps you alive without disconnecting.

    For Xshell default is 60 seconds.

  • Girish Sep 4, 2012 @ 20:37

    I wish to set the timeout to 30 minutes. But I seem to have trouble with the suggested parameter. When I add the line “ClientAliveInterval 30” to my sshd_config, and try to restart the sshd demon, it fails, The error I get is:
    Bad configuration option: ServerAliveInterval

    I am running CentOS 5. I’m using OpenSSH. Here is the output of the version:

    $ssh -V
    OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

    Any suggestions for me? Thanks in Advance.

    Thanks
    Girish

    • Raul May 8, 2013 @ 15:41

      Yes, put:
      ClientAliveInterval 30
      instead of
      ServerAliveInterval 30
      -rt

  • satya May 19, 2014 @ 14:32

    i am getting below error when i am try to set ssh -o ServerAliveInterval=15 userid@host ./test_ssh.ksh.

    userid@host:xbbkptv$ ./ssh_repro.ksh
    command-line: line 0: Bad configuration option: ServerAliveInterval
    ./ssh_repro.ksh[4]: echostop test_ssh filen:

    my ssh version is:
    OpenSSH_3.7.1p2-pwexp26, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003

    could you please provide me the suggestion to run the scripts with out errors and with serverAliveinterval

    Thanks in advance
    Satya

  • Bruno Ribeiro Oct 20, 2016 @ 10:22

    I use Arch Linux and change the file / etc / ssh / sshd_config including the parameters below worked for me:
    ClientAliveInterval 30
    ClientAliveCountMax 5

    Thank you

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.