What is the default idle timeout for OpenSSH?
Clash Royale CLAN TAG#URR8PPP
up vote
20
down vote
favorite
I can't seem to find an answer to this simple question, which I need for some compliance documentation.
On a default install of CentOS 6.5 (OpenSSH 5.3p1-94.el6), after how long of being idle will a user's SSH session be terminated? I believe the following can be set to increase the idle timeout, but they are commented out by default.
$ grep -i alive /etc/ssh/sshd_config
#TCPKeepAlive yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
Also, is there a command to dump a list of the current sshd settings? I don't see anything in man sshd.
ssh centos openssh
asked Aug 15 '14 at 14:07
Banjer
1,76051829
add a comment |Â
up vote
20
down vote
favorite
I can't seem to find an answer to this simple question, which I need for some compliance documentation.
On a default install of CentOS 6.5 (OpenSSH 5.3p1-94.el6), after how long of being idle will a user's SSH session be terminated? I believe the following can be set to increase the idle timeout, but they are commented out by default.
$ grep -i alive /etc/ssh/sshd_config
#TCPKeepAlive yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
Also, is there a command to dump a list of the current sshd settings? I don't see anything in man sshd.
ssh centos openssh
asked Aug 15 '14 at 14:07
Banjer
1,76051829
2
Some shells can be set to exit after a timeout. That would cause the ssh session to terminate. Check whether your TMOUT environment variable is set.
– Kenster
Aug 20 '14 at 18:38
add a comment |Â
up vote
20
down vote
favorite
up vote
20
down vote
favorite
I can't seem to find an answer to this simple question, which I need for some compliance documentation.
On a default install of CentOS 6.5 (OpenSSH 5.3p1-94.el6), after how long of being idle will a user's SSH session be terminated? I believe the following can be set to increase the idle timeout, but they are commented out by default.
$ grep -i alive /etc/ssh/sshd_config
#TCPKeepAlive yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
Also, is there a command to dump a list of the current sshd settings? I don't see anything in man sshd.
ssh centos openssh
asked Aug 15 '14 at 14:07
Banjer
1,76051829
I can't seem to find an answer to this simple question, which I need for some compliance documentation.
On a default install of CentOS 6.5 (OpenSSH 5.3p1-94.el6), after how long of being idle will a user's SSH session be terminated? I believe the following can be set to increase the idle timeout, but they are commented out by default.
$ grep -i alive /etc/ssh/sshd_config
#TCPKeepAlive yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
Also, is there a command to dump a list of the current sshd settings? I don't see anything in man sshd.
ssh centos openssh
ssh centos openssh
asked Aug 15 '14 at 14:07
Banjer
1,76051829
asked Aug 15 '14 at 14:07
Banjer
1,76051829
asked Aug 15 '14 at 14:07
Banjer
1,76051829
asked Aug 15 '14 at 14:07
Banjer
1,76051829
asked Aug 15 '14 at 14:07
Banjer
1,76051829
1,76051829
2
Some shells can be set to exit after a timeout. That would cause the ssh session to terminate. Check whether your TMOUT environment variable is set.
– Kenster
Aug 20 '14 at 18:38
add a comment |Â
2
Some shells can be set to exit after a timeout. That would cause the ssh session to terminate. Check whether your TMOUT environment variable is set.
– Kenster
Aug 20 '14 at 18:38
2
2
Some shells can be set to exit after a timeout. That would cause the ssh session to terminate. Check whether your TMOUT environment variable is set.
– Kenster
Aug 20 '14 at 18:38
Some shells can be set to exit after a timeout. That would cause the ssh session to terminate. Check whether your TMOUT environment variable is set.
– Kenster
Aug 20 '14 at 18:38
add a comment |Â
5 Answers
5
active
oldest
votes
up vote
20
down vote
The commented lines in sshd_config usually display the defaults. This is the case with all of the lines in your question. You can verify this in the sshd_config manpage. Here are the relevant snippets:
TCPKeepAlive
Specifies whether the system should send TCP keepalive messages to the other side. If they are sent, death of the
connection or crash of one of the machines will be properly noticed. However, this means that connections will die
if the route is down temporarily, and some people find it annoying. On the other hand, if TCP keepalives are not
sent, sessions may hang indefinitely on the server, leaving “ghost†users and consuming server resources.
The default is “yes†(to send TCP keepalive messages), and the server will notice if the network goes down or the
client host crashes. This avoids infinitely hanging sessions.
To disable TCP keepalive messages, the value should be set to “noâ€Â.
This option was formerly called
KeepAlive.
ClientAliveCountMax
Sets the number of client alive messages (see below) which may be sent without sshd(8) receiving any messages back
from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the
client, terminating the session. It is important to note that the use of client alive messages is very different
fromTCPKeepAlive(below)(above). The client alive messages are sent through the encrypted channel and therefore will not
be spoofable. The TCP keepalive option enabled byTCPKeepAliveis spoofable. The client alive mechanism is
valuable when the client or server depend on knowing when a connection has become inactive.
The default value is 3. If
ClientAliveInterval(see below) is set to 15, andClientAliveCountMaxis left at the
default, unresponsive SSH clients will be disconnected after approximately 45 seconds. This option applies to protocol version 2 only.
ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a
message through the encrypted channel to request a response from the client. The default is 0, indicating that
these messages will not be sent to the client. This option applies to protocol version 2 only.
edited Mar 12 at 22:11
G-Man
11.9k92658
answered Aug 15 '14 at 14:24
jordanm
29.3k27891
Correct me if wrong, but if there was no firewall in between me and the machine (w/ default configs), then I'd never be disconnected? I know our firewall drops idle TCP connections after 60 minutes, so that's where the closing idle connections is happening. I just wanted to check and see if OpenSSH itself explicitly closes sessions. I think the answer is No, openssh does not explicitly close idle connections, but firewalls typically do. The settings mentioned in your answer actually help to persist the connection or to properly terminate the session if it sees it's been dropped.
– Banjer
Aug 15 '14 at 15:31
2
The quoted text says that the default for ClientAliveInterval is 0, which means that it doesn't define a time interval for which a connection stays open. And yet we know that the time interval has some finite value by default. Therefore it seems that there must be some other parameter that sets how long the connection stays open by default. If my analysis above is correct, then suppose both server and client are linux machines running openssh, and both are using all the defaults. In this case which side sets the default, what is its value, and where is it set?
– Ben Crowell
Apr 8 '15 at 20:09
1
@BenCrowell And yet we know that the time interval has some finite value by default. What time interval and how do you know this?
– Piotr Dobrogost
Nov 13 '17 at 8:21
add a comment |Â
up vote
7
down vote
You can set up SSH keepalive for either the client or server side:
Client side
File: /etc/ssh/ssh_config
Content:
Host *
ServerAliveInterval XX
ServerAliveCountMax YY
Server side
File: /etc/ssh/sshd_config
Content:
ClientAliveInterval XX
ClientAliveCountMax YY
Extracted from: http://www.sysadmit.com/2016/02/linux-y-vmware-ssh-evitar-desconexion.html
edited Jul 4 '16 at 5:05
Olathe
1565
answered Feb 12 '16 at 22:12
Yamanoteone
7111
5
Useful, but doesn't answer the question in any way.
– bzeaman
Aug 18 '16 at 9:44
add a comment |Â
up vote
0
down vote
OpenSSH will not terminate a shell session that has been idle for some time. This is not something that OpenSSH does. Terminating an idle shell session is unrelated to the configuration of OpenSSH.
The settings that you are showing are related to timeouts when the connection goes down and are unrelated to the shell on the remote host and what the user is doing or not doing there.
To dump the sshd configuration, use the "extended test mode" as root:
sshd -T
This is documented in the sshd(8) manual (looking at OpenSSH_7.7, LibreSSL 2.7.2 on OpenBSD here):
-T
Extended test mode. Check the validity of the configuration
file, output the effective configuration to stdout and then exit.
Optionally, Match rules may be applied by specifying the
connection parameters using one or more-Coptions.
This option was added to sshd for OpenSSH 5.1/5.1p1 in 2008.
answered Apr 12 at 15:35
Kusalananda
108k14209333
add a comment |Â
up vote
0
down vote
if the requirement is close ssh connection after an inactivity, TMOUT in user profile is the option
TMOUT: If set to a value greater than zero, TMOUT is treated as
the
default timeout for the read builtin. The select command terminates
if input does not arrive after TMOUT seconds when input is coming
from a terminal. In an interactive shell, the value is
interpreted as the number of seconds to wait for input after issuing
the primary prompt. Bash terminates after waiting for that number of
seconds if input does not arrive.
test this by running export $TMOUT=10 and wait for 10 sec to close the connection.
edited Sep 27 at 13:11
αғsýιη
16k92563
answered Apr 12 at 15:27
Sandeep kumar singh
1
add a comment |Â
up vote
-1
down vote
If you want the timeout to be 10 seconds for everyone, do the following for the server config (sshd_config):
ClientAliveInterval 10
ClientAliveCountMax 0
If you want the timeout to be 10 seconds for local clients, do the following for the client config (ssh_config):
ServerAliveInterval 10
ServerAliveCountMax 0
If the AliveCountMax parameter is non-zero, it probably won't work because the server will reply resetting the timer (unless there's a connection problem). You can see this by running the ssh client with debugging turned on.
answered Mar 3 '17 at 18:35
JohnA
1
Pure nonsense it is.
– Piotr Dobrogost
Nov 13 '17 at 15:51
add a comment |Â
5 Answers
5
active
oldest
votes
5 Answers
5
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
20
down vote
The commented lines in sshd_config usually display the defaults. This is the case with all of the lines in your question. You can verify this in the sshd_config manpage. Here are the relevant snippets:
TCPKeepAlive
Specifies whether the system should send TCP keepalive messages to the other side. If they are sent, death of the
connection or crash of one of the machines will be properly noticed. However, this means that connections will die
if the route is down temporarily, and some people find it annoying. On the other hand, if TCP keepalives are not
sent, sessions may hang indefinitely on the server, leaving “ghost†users and consuming server resources.
The default is “yes†(to send TCP keepalive messages), and the server will notice if the network goes down or the
client host crashes. This avoids infinitely hanging sessions.
To disable TCP keepalive messages, the value should be set to “noâ€Â.
This option was formerly called
KeepAlive.
ClientAliveCountMax
Sets the number of client alive messages (see below) which may be sent without sshd(8) receiving any messages back
from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the
client, terminating the session. It is important to note that the use of client alive messages is very different
fromTCPKeepAlive(below)(above). The client alive messages are sent through the encrypted channel and therefore will not
be spoofable. The TCP keepalive option enabled byTCPKeepAliveis spoofable. The client alive mechanism is
valuable when the client or server depend on knowing when a connection has become inactive.
The default value is 3. If
ClientAliveInterval(see below) is set to 15, andClientAliveCountMaxis left at the
default, unresponsive SSH clients will be disconnected after approximately 45 seconds. This option applies to protocol version 2 only.
ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a
message through the encrypted channel to request a response from the client. The default is 0, indicating that
these messages will not be sent to the client. This option applies to protocol version 2 only.
edited Mar 12 at 22:11
G-Man
11.9k92658
answered Aug 15 '14 at 14:24
jordanm
29.3k27891
Correct me if wrong, but if there was no firewall in between me and the machine (w/ default configs), then I'd never be disconnected? I know our firewall drops idle TCP connections after 60 minutes, so that's where the closing idle connections is happening. I just wanted to check and see if OpenSSH itself explicitly closes sessions. I think the answer is No, openssh does not explicitly close idle connections, but firewalls typically do. The settings mentioned in your answer actually help to persist the connection or to properly terminate the session if it sees it's been dropped.
– Banjer
Aug 15 '14 at 15:31
2
The quoted text says that the default for ClientAliveInterval is 0, which means that it doesn't define a time interval for which a connection stays open. And yet we know that the time interval has some finite value by default. Therefore it seems that there must be some other parameter that sets how long the connection stays open by default. If my analysis above is correct, then suppose both server and client are linux machines running openssh, and both are using all the defaults. In this case which side sets the default, what is its value, and where is it set?
– Ben Crowell
Apr 8 '15 at 20:09
1
@BenCrowell And yet we know that the time interval has some finite value by default. What time interval and how do you know this?
– Piotr Dobrogost
Nov 13 '17 at 8:21
add a comment |Â
up vote
20
down vote
The commented lines in sshd_config usually display the defaults. This is the case with all of the lines in your question. You can verify this in the sshd_config manpage. Here are the relevant snippets:
TCPKeepAlive
Specifies whether the system should send TCP keepalive messages to the other side. If they are sent, death of the
connection or crash of one of the machines will be properly noticed. However, this means that connections will die
if the route is down temporarily, and some people find it annoying. On the other hand, if TCP keepalives are not
sent, sessions may hang indefinitely on the server, leaving “ghost†users and consuming server resources.
The default is “yes†(to send TCP keepalive messages), and the server will notice if the network goes down or the
client host crashes. This avoids infinitely hanging sessions.
To disable TCP keepalive messages, the value should be set to “noâ€Â.
This option was formerly called
KeepAlive.
ClientAliveCountMax
Sets the number of client alive messages (see below) which may be sent without sshd(8) receiving any messages back
from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the
client, terminating the session. It is important to note that the use of client alive messages is very different
fromTCPKeepAlive(below)(above). The client alive messages are sent through the encrypted channel and therefore will not
be spoofable. The TCP keepalive option enabled byTCPKeepAliveis spoofable. The client alive mechanism is
valuable when the client or server depend on knowing when a connection has become inactive.
The default value is 3. If
ClientAliveInterval(see below) is set to 15, andClientAliveCountMaxis left at the
default, unresponsive SSH clients will be disconnected after approximately 45 seconds. This option applies to protocol version 2 only.
ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a
message through the encrypted channel to request a response from the client. The default is 0, indicating that
these messages will not be sent to the client. This option applies to protocol version 2 only.
edited Mar 12 at 22:11
G-Man
11.9k92658
answered Aug 15 '14 at 14:24
jordanm
29.3k27891
Correct me if wrong, but if there was no firewall in between me and the machine (w/ default configs), then I'd never be disconnected? I know our firewall drops idle TCP connections after 60 minutes, so that's where the closing idle connections is happening. I just wanted to check and see if OpenSSH itself explicitly closes sessions. I think the answer is No, openssh does not explicitly close idle connections, but firewalls typically do. The settings mentioned in your answer actually help to persist the connection or to properly terminate the session if it sees it's been dropped.
– Banjer
Aug 15 '14 at 15:31
2
The quoted text says that the default for ClientAliveInterval is 0, which means that it doesn't define a time interval for which a connection stays open. And yet we know that the time interval has some finite value by default. Therefore it seems that there must be some other parameter that sets how long the connection stays open by default. If my analysis above is correct, then suppose both server and client are linux machines running openssh, and both are using all the defaults. In this case which side sets the default, what is its value, and where is it set?
– Ben Crowell
Apr 8 '15 at 20:09
1
@BenCrowell And yet we know that the time interval has some finite value by default. What time interval and how do you know this?
– Piotr Dobrogost
Nov 13 '17 at 8:21
add a comment |Â
up vote
20
down vote
up vote
20
down vote
The commented lines in sshd_config usually display the defaults. This is the case with all of the lines in your question. You can verify this in the sshd_config manpage. Here are the relevant snippets:
TCPKeepAlive
Specifies whether the system should send TCP keepalive messages to the other side. If they are sent, death of the
connection or crash of one of the machines will be properly noticed. However, this means that connections will die
if the route is down temporarily, and some people find it annoying. On the other hand, if TCP keepalives are not
sent, sessions may hang indefinitely on the server, leaving “ghost†users and consuming server resources.
The default is “yes†(to send TCP keepalive messages), and the server will notice if the network goes down or the
client host crashes. This avoids infinitely hanging sessions.
To disable TCP keepalive messages, the value should be set to “noâ€Â.
This option was formerly called
KeepAlive.
ClientAliveCountMax
Sets the number of client alive messages (see below) which may be sent without sshd(8) receiving any messages back
from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the
client, terminating the session. It is important to note that the use of client alive messages is very different
fromTCPKeepAlive(below)(above). The client alive messages are sent through the encrypted channel and therefore will not
be spoofable. The TCP keepalive option enabled byTCPKeepAliveis spoofable. The client alive mechanism is
valuable when the client or server depend on knowing when a connection has become inactive.
The default value is 3. If
ClientAliveInterval(see below) is set to 15, andClientAliveCountMaxis left at the
default, unresponsive SSH clients will be disconnected after approximately 45 seconds. This option applies to protocol version 2 only.
ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a
message through the encrypted channel to request a response from the client. The default is 0, indicating that
these messages will not be sent to the client. This option applies to protocol version 2 only.
edited Mar 12 at 22:11
G-Man
11.9k92658
answered Aug 15 '14 at 14:24
jordanm
29.3k27891
The commented lines in sshd_config usually display the defaults. This is the case with all of the lines in your question. You can verify this in the sshd_config manpage. Here are the relevant snippets:
TCPKeepAlive
Specifies whether the system should send TCP keepalive messages to the other side. If they are sent, death of the
connection or crash of one of the machines will be properly noticed. However, this means that connections will die
if the route is down temporarily, and some people find it annoying. On the other hand, if TCP keepalives are not
sent, sessions may hang indefinitely on the server, leaving “ghost†users and consuming server resources.
The default is “yes†(to send TCP keepalive messages), and the server will notice if the network goes down or the
client host crashes. This avoids infinitely hanging sessions.
To disable TCP keepalive messages, the value should be set to “noâ€Â.
This option was formerly called
KeepAlive.
ClientAliveCountMax
Sets the number of client alive messages (see below) which may be sent without sshd(8) receiving any messages back
from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the
client, terminating the session. It is important to note that the use of client alive messages is very different
fromTCPKeepAlive(below)(above). The client alive messages are sent through the encrypted channel and therefore will not
be spoofable. The TCP keepalive option enabled byTCPKeepAliveis spoofable. The client alive mechanism is
valuable when the client or server depend on knowing when a connection has become inactive.
The default value is 3. If
ClientAliveInterval(see below) is set to 15, andClientAliveCountMaxis left at the
default, unresponsive SSH clients will be disconnected after approximately 45 seconds. This option applies to protocol version 2 only.
ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a
message through the encrypted channel to request a response from the client. The default is 0, indicating that
these messages will not be sent to the client. This option applies to protocol version 2 only.
edited Mar 12 at 22:11
G-Man
11.9k92658
answered Aug 15 '14 at 14:24
jordanm
29.3k27891
edited Mar 12 at 22:11
G-Man
11.9k92658
edited Mar 12 at 22:11
G-Man
11.9k92658
edited Mar 12 at 22:11
G-Man
11.9k92658
11.9k92658
answered Aug 15 '14 at 14:24
jordanm
29.3k27891
answered Aug 15 '14 at 14:24
jordanm
29.3k27891
answered Aug 15 '14 at 14:24
jordanm
29.3k27891
29.3k27891
Correct me if wrong, but if there was no firewall in between me and the machine (w/ default configs), then I'd never be disconnected? I know our firewall drops idle TCP connections after 60 minutes, so that's where the closing idle connections is happening. I just wanted to check and see if OpenSSH itself explicitly closes sessions. I think the answer is No, openssh does not explicitly close idle connections, but firewalls typically do. The settings mentioned in your answer actually help to persist the connection or to properly terminate the session if it sees it's been dropped.
– Banjer
Aug 15 '14 at 15:31
2
The quoted text says that the default for ClientAliveInterval is 0, which means that it doesn't define a time interval for which a connection stays open. And yet we know that the time interval has some finite value by default. Therefore it seems that there must be some other parameter that sets how long the connection stays open by default. If my analysis above is correct, then suppose both server and client are linux machines running openssh, and both are using all the defaults. In this case which side sets the default, what is its value, and where is it set?
– Ben Crowell
Apr 8 '15 at 20:09
1
@BenCrowell And yet we know that the time interval has some finite value by default. What time interval and how do you know this?
– Piotr Dobrogost
Nov 13 '17 at 8:21
add a comment |Â
Correct me if wrong, but if there was no firewall in between me and the machine (w/ default configs), then I'd never be disconnected? I know our firewall drops idle TCP connections after 60 minutes, so that's where the closing idle connections is happening. I just wanted to check and see if OpenSSH itself explicitly closes sessions. I think the answer is No, openssh does not explicitly close idle connections, but firewalls typically do. The settings mentioned in your answer actually help to persist the connection or to properly terminate the session if it sees it's been dropped.
– Banjer
Aug 15 '14 at 15:31
2
The quoted text says that the default for ClientAliveInterval is 0, which means that it doesn't define a time interval for which a connection stays open. And yet we know that the time interval has some finite value by default. Therefore it seems that there must be some other parameter that sets how long the connection stays open by default. If my analysis above is correct, then suppose both server and client are linux machines running openssh, and both are using all the defaults. In this case which side sets the default, what is its value, and where is it set?
– Ben Crowell
Apr 8 '15 at 20:09
1
@BenCrowell And yet we know that the time interval has some finite value by default. What time interval and how do you know this?
– Piotr Dobrogost
Nov 13 '17 at 8:21
Correct me if wrong, but if there was no firewall in between me and the machine (w/ default configs), then I'd never be disconnected? I know our firewall drops idle TCP connections after 60 minutes, so that's where the closing idle connections is happening. I just wanted to check and see if OpenSSH itself explicitly closes sessions. I think the answer is No, openssh does not explicitly close idle connections, but firewalls typically do. The settings mentioned in your answer actually help to persist the connection or to properly terminate the session if it sees it's been dropped.
– Banjer
Aug 15 '14 at 15:31
Correct me if wrong, but if there was no firewall in between me and the machine (w/ default configs), then I'd never be disconnected? I know our firewall drops idle TCP connections after 60 minutes, so that's where the closing idle connections is happening. I just wanted to check and see if OpenSSH itself explicitly closes sessions. I think the answer is No, openssh does not explicitly close idle connections, but firewalls typically do. The settings mentioned in your answer actually help to persist the connection or to properly terminate the session if it sees it's been dropped.
– Banjer
Aug 15 '14 at 15:31
2
2
The quoted text says that the default for ClientAliveInterval is 0, which means that it doesn't define a time interval for which a connection stays open. And yet we know that the time interval has some finite value by default. Therefore it seems that there must be some other parameter that sets how long the connection stays open by default. If my analysis above is correct, then suppose both server and client are linux machines running openssh, and both are using all the defaults. In this case which side sets the default, what is its value, and where is it set?
– Ben Crowell
Apr 8 '15 at 20:09
The quoted text says that the default for ClientAliveInterval is 0, which means that it doesn't define a time interval for which a connection stays open. And yet we know that the time interval has some finite value by default. Therefore it seems that there must be some other parameter that sets how long the connection stays open by default. If my analysis above is correct, then suppose both server and client are linux machines running openssh, and both are using all the defaults. In this case which side sets the default, what is its value, and where is it set?
– Ben Crowell
Apr 8 '15 at 20:09
1
1
@BenCrowell And yet we know that the time interval has some finite value by default. What time interval and how do you know this?
– Piotr Dobrogost
Nov 13 '17 at 8:21
@BenCrowell And yet we know that the time interval has some finite value by default. What time interval and how do you know this?
– Piotr Dobrogost
Nov 13 '17 at 8:21
add a comment |Â
up vote
7
down vote
You can set up SSH keepalive for either the client or server side:
Client side
File: /etc/ssh/ssh_config
Content:
Host *
ServerAliveInterval XX
ServerAliveCountMax YY
Server side
File: /etc/ssh/sshd_config
Content:
ClientAliveInterval XX
ClientAliveCountMax YY
Extracted from: http://www.sysadmit.com/2016/02/linux-y-vmware-ssh-evitar-desconexion.html
edited Jul 4 '16 at 5:05
Olathe
1565
answered Feb 12 '16 at 22:12
Yamanoteone
7111
5
Useful, but doesn't answer the question in any way.
– bzeaman
Aug 18 '16 at 9:44
add a comment |Â
up vote
7
down vote
You can set up SSH keepalive for either the client or server side:
Client side
File: /etc/ssh/ssh_config
Content:
Host *
ServerAliveInterval XX
ServerAliveCountMax YY
Server side
File: /etc/ssh/sshd_config
Content:
ClientAliveInterval XX
ClientAliveCountMax YY
Extracted from: http://www.sysadmit.com/2016/02/linux-y-vmware-ssh-evitar-desconexion.html
edited Jul 4 '16 at 5:05
Olathe
1565
answered Feb 12 '16 at 22:12
Yamanoteone
7111
5
Useful, but doesn't answer the question in any way.
– bzeaman
Aug 18 '16 at 9:44
add a comment |Â
up vote
7
down vote
up vote
7
down vote
You can set up SSH keepalive for either the client or server side:
Client side
File: /etc/ssh/ssh_config
Content:
Host *
ServerAliveInterval XX
ServerAliveCountMax YY
Server side
File: /etc/ssh/sshd_config
Content:
ClientAliveInterval XX
ClientAliveCountMax YY
Extracted from: http://www.sysadmit.com/2016/02/linux-y-vmware-ssh-evitar-desconexion.html
edited Jul 4 '16 at 5:05
Olathe
1565
answered Feb 12 '16 at 22:12
Yamanoteone
7111
You can set up SSH keepalive for either the client or server side:
Client side
File: /etc/ssh/ssh_config
Content:
Host *
ServerAliveInterval XX
ServerAliveCountMax YY
Server side
File: /etc/ssh/sshd_config
Content:
ClientAliveInterval XX
ClientAliveCountMax YY
Extracted from: http://www.sysadmit.com/2016/02/linux-y-vmware-ssh-evitar-desconexion.html
edited Jul 4 '16 at 5:05
Olathe
1565
answered Feb 12 '16 at 22:12
Yamanoteone
7111
edited Jul 4 '16 at 5:05
Olathe
1565
edited Jul 4 '16 at 5:05
Olathe
1565
edited Jul 4 '16 at 5:05
Olathe
1565
1565
answered Feb 12 '16 at 22:12
Yamanoteone
7111
answered Feb 12 '16 at 22:12
Yamanoteone
7111
answered Feb 12 '16 at 22:12
Yamanoteone
7111
7111
5
Useful, but doesn't answer the question in any way.
– bzeaman
Aug 18 '16 at 9:44
add a comment |Â
5
Useful, but doesn't answer the question in any way.
– bzeaman
Aug 18 '16 at 9:44
5
5
Useful, but doesn't answer the question in any way.
– bzeaman
Aug 18 '16 at 9:44
Useful, but doesn't answer the question in any way.
– bzeaman
Aug 18 '16 at 9:44
add a comment |Â
up vote
0
down vote
OpenSSH will not terminate a shell session that has been idle for some time. This is not something that OpenSSH does. Terminating an idle shell session is unrelated to the configuration of OpenSSH.
The settings that you are showing are related to timeouts when the connection goes down and are unrelated to the shell on the remote host and what the user is doing or not doing there.
To dump the sshd configuration, use the "extended test mode" as root:
sshd -T
This is documented in the sshd(8) manual (looking at OpenSSH_7.7, LibreSSL 2.7.2 on OpenBSD here):
-T
Extended test mode. Check the validity of the configuration
file, output the effective configuration to stdout and then exit.
Optionally, Match rules may be applied by specifying the
connection parameters using one or more-Coptions.
This option was added to sshd for OpenSSH 5.1/5.1p1 in 2008.
answered Apr 12 at 15:35
Kusalananda
108k14209333
add a comment |Â
up vote
0
down vote
OpenSSH will not terminate a shell session that has been idle for some time. This is not something that OpenSSH does. Terminating an idle shell session is unrelated to the configuration of OpenSSH.
The settings that you are showing are related to timeouts when the connection goes down and are unrelated to the shell on the remote host and what the user is doing or not doing there.
To dump the sshd configuration, use the "extended test mode" as root:
sshd -T
This is documented in the sshd(8) manual (looking at OpenSSH_7.7, LibreSSL 2.7.2 on OpenBSD here):
-T
Extended test mode. Check the validity of the configuration
file, output the effective configuration to stdout and then exit.
Optionally, Match rules may be applied by specifying the
connection parameters using one or more-Coptions.
This option was added to sshd for OpenSSH 5.1/5.1p1 in 2008.
answered Apr 12 at 15:35
Kusalananda
108k14209333
add a comment |Â
up vote
0
down vote
up vote
0
down vote
OpenSSH will not terminate a shell session that has been idle for some time. This is not something that OpenSSH does. Terminating an idle shell session is unrelated to the configuration of OpenSSH.
The settings that you are showing are related to timeouts when the connection goes down and are unrelated to the shell on the remote host and what the user is doing or not doing there.
To dump the sshd configuration, use the "extended test mode" as root:
sshd -T
This is documented in the sshd(8) manual (looking at OpenSSH_7.7, LibreSSL 2.7.2 on OpenBSD here):
-T
Extended test mode. Check the validity of the configuration
file, output the effective configuration to stdout and then exit.
Optionally, Match rules may be applied by specifying the
connection parameters using one or more-Coptions.
This option was added to sshd for OpenSSH 5.1/5.1p1 in 2008.
answered Apr 12 at 15:35
Kusalananda
108k14209333
OpenSSH will not terminate a shell session that has been idle for some time. This is not something that OpenSSH does. Terminating an idle shell session is unrelated to the configuration of OpenSSH.
The settings that you are showing are related to timeouts when the connection goes down and are unrelated to the shell on the remote host and what the user is doing or not doing there.
To dump the sshd configuration, use the "extended test mode" as root:
sshd -T
This is documented in the sshd(8) manual (looking at OpenSSH_7.7, LibreSSL 2.7.2 on OpenBSD here):
-T
Extended test mode. Check the validity of the configuration
file, output the effective configuration to stdout and then exit.
Optionally, Match rules may be applied by specifying the
connection parameters using one or more-Coptions.
This option was added to sshd for OpenSSH 5.1/5.1p1 in 2008.
answered Apr 12 at 15:35
Kusalananda
108k14209333
edited Apr 12 at 16:15
answered Apr 12 at 15:35
Kusalananda
108k14209333
answered Apr 12 at 15:35
Kusalananda
108k14209333
answered Apr 12 at 15:35
Kusalananda
108k14209333
108k14209333
add a comment |Â
add a comment |Â
up vote
0
down vote
if the requirement is close ssh connection after an inactivity, TMOUT in user profile is the option
TMOUT: If set to a value greater than zero, TMOUT is treated as
the
default timeout for the read builtin. The select command terminates
if input does not arrive after TMOUT seconds when input is coming
from a terminal. In an interactive shell, the value is
interpreted as the number of seconds to wait for input after issuing
the primary prompt. Bash terminates after waiting for that number of
seconds if input does not arrive.
test this by running export $TMOUT=10 and wait for 10 sec to close the connection.
edited Sep 27 at 13:11
αғsýιη
16k92563
answered Apr 12 at 15:27
Sandeep kumar singh
1
add a comment |Â
up vote
0
down vote
if the requirement is close ssh connection after an inactivity, TMOUT in user profile is the option
TMOUT: If set to a value greater than zero, TMOUT is treated as
the
default timeout for the read builtin. The select command terminates
if input does not arrive after TMOUT seconds when input is coming
from a terminal. In an interactive shell, the value is
interpreted as the number of seconds to wait for input after issuing
the primary prompt. Bash terminates after waiting for that number of
seconds if input does not arrive.
test this by running export $TMOUT=10 and wait for 10 sec to close the connection.
edited Sep 27 at 13:11
αғsýιη
16k92563
answered Apr 12 at 15:27
Sandeep kumar singh
1
add a comment |Â
up vote
0
down vote
up vote
0
down vote
if the requirement is close ssh connection after an inactivity, TMOUT in user profile is the option
TMOUT: If set to a value greater than zero, TMOUT is treated as
the
default timeout for the read builtin. The select command terminates
if input does not arrive after TMOUT seconds when input is coming
from a terminal. In an interactive shell, the value is
interpreted as the number of seconds to wait for input after issuing
the primary prompt. Bash terminates after waiting for that number of
seconds if input does not arrive.
test this by running export $TMOUT=10 and wait for 10 sec to close the connection.
edited Sep 27 at 13:11
αғsýιη
16k92563
answered Apr 12 at 15:27
Sandeep kumar singh
1
if the requirement is close ssh connection after an inactivity, TMOUT in user profile is the option
TMOUT: If set to a value greater than zero, TMOUT is treated as
the
default timeout for the read builtin. The select command terminates
if input does not arrive after TMOUT seconds when input is coming
from a terminal. In an interactive shell, the value is
interpreted as the number of seconds to wait for input after issuing
the primary prompt. Bash terminates after waiting for that number of
seconds if input does not arrive.
test this by running export $TMOUT=10 and wait for 10 sec to close the connection.
edited Sep 27 at 13:11
αғsýιη
16k92563
answered Apr 12 at 15:27
Sandeep kumar singh
1
edited Sep 27 at 13:11
αғsýιη
16k92563
edited Sep 27 at 13:11
αғsýιη
16k92563
edited Sep 27 at 13:11
αғsýιη
16k92563
16k92563
answered Apr 12 at 15:27
Sandeep kumar singh
1
answered Apr 12 at 15:27
Sandeep kumar singh
1
answered Apr 12 at 15:27
Sandeep kumar singh
1
1
add a comment |Â
add a comment |Â
up vote
-1
down vote
If you want the timeout to be 10 seconds for everyone, do the following for the server config (sshd_config):
ClientAliveInterval 10
ClientAliveCountMax 0
If you want the timeout to be 10 seconds for local clients, do the following for the client config (ssh_config):
ServerAliveInterval 10
ServerAliveCountMax 0
If the AliveCountMax parameter is non-zero, it probably won't work because the server will reply resetting the timer (unless there's a connection problem). You can see this by running the ssh client with debugging turned on.
answered Mar 3 '17 at 18:35
JohnA
1
Pure nonsense it is.
– Piotr Dobrogost
Nov 13 '17 at 15:51
add a comment |Â
up vote
-1
down vote
If you want the timeout to be 10 seconds for everyone, do the following for the server config (sshd_config):
ClientAliveInterval 10
ClientAliveCountMax 0
If you want the timeout to be 10 seconds for local clients, do the following for the client config (ssh_config):
ServerAliveInterval 10
ServerAliveCountMax 0
If the AliveCountMax parameter is non-zero, it probably won't work because the server will reply resetting the timer (unless there's a connection problem). You can see this by running the ssh client with debugging turned on.
answered Mar 3 '17 at 18:35
JohnA
1
Pure nonsense it is.
– Piotr Dobrogost
Nov 13 '17 at 15:51
add a comment |Â
up vote
-1
down vote
up vote
-1
down vote
If you want the timeout to be 10 seconds for everyone, do the following for the server config (sshd_config):
ClientAliveInterval 10
ClientAliveCountMax 0
If you want the timeout to be 10 seconds for local clients, do the following for the client config (ssh_config):
ServerAliveInterval 10
ServerAliveCountMax 0
If the AliveCountMax parameter is non-zero, it probably won't work because the server will reply resetting the timer (unless there's a connection problem). You can see this by running the ssh client with debugging turned on.
answered Mar 3 '17 at 18:35
JohnA
1
If you want the timeout to be 10 seconds for everyone, do the following for the server config (sshd_config):
ClientAliveInterval 10
ClientAliveCountMax 0
If you want the timeout to be 10 seconds for local clients, do the following for the client config (ssh_config):
ServerAliveInterval 10
ServerAliveCountMax 0
If the AliveCountMax parameter is non-zero, it probably won't work because the server will reply resetting the timer (unless there's a connection problem). You can see this by running the ssh client with debugging turned on.
answered Mar 3 '17 at 18:35
JohnA
1
answered Mar 3 '17 at 18:35
JohnA
1
answered Mar 3 '17 at 18:35
JohnA
1
answered Mar 3 '17 at 18:35
JohnA
1
1
Pure nonsense it is.
– Piotr Dobrogost
Nov 13 '17 at 15:51
add a comment |Â
Pure nonsense it is.
– Piotr Dobrogost
Nov 13 '17 at 15:51
Pure nonsense it is.
– Piotr Dobrogost
Nov 13 '17 at 15:51
Pure nonsense it is.
– Piotr Dobrogost
Nov 13 '17 at 15:51
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f150402%2fwhat-is-the-default-idle-timeout-for-openssh%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
2
Some shells can be set to exit after a timeout. That would cause the ssh session to terminate. Check whether your TMOUT environment variable is set.
– Kenster
Aug 20 '14 at 18:38