Mark


How to prevent ssh disconnect?

I have two linux machines, let's call them A and B, and an XP in my lan. When I ssh (using putty) from the XP box to A, it stays connected forever, regardless of whether the session is idle (no terminal I/O) or not.

When I connect to A from putty outside the lan (i.e. from another city via the internet), the session disconnects after some period of time if the session is idle. If it is not idle (e.g. I do a tail -f /var/log/maillog) it stays up.

OK, here's the problem: when I ssh from A to B my session on A times out at right around 1 hour, whether or not the session is idle. So, for example if I ssh to B from A and do a tail -f /var/log/maillog (which *is* what I am doing), the session terminates after 1 hour from login even if the tail is generating output.

How do I stop the session from terminating until I explicitly log off?

ravenpl

The problem is probably with your firewall settings.
If there is no traffic on the connection, the firewall throws the connection off its guts. Next packets (belonging to the connection) will be dropped.

Now, ssh supports something like TCPKeepAlive. But you must set it to true on both the server and the client (otherwise the server would reject TCPKeepAlive packets, and the client would stop sending them).
ngopu

Try the following:
Edit /etc/ssh/sshd_config and change the following:

KeepAlive yes

If you change this it will help you little; the actual issue is with your routers connecting to the other LAN or the Internet.
But we cannot prevent this...
Mark

ASKER

Do I change the sshd_config to 'KeepAlive yes' on both the client and the server side? btw the linux hosts are both on the LAN side of the router and their IPs are configured in /etc/hosts, so I don't think routers or firewalls are the issue (there is no firewall running on the linux machines ... that I'm aware of).
Mark

ASKER

Also both linux sshd_configs are identical. Neither has 'KeepAlive yes' and both have 'ConnectTimeout 0':

 Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#

/etc/ssh/sshd_config
TCPKeepAlive yes

same into /etc/ssh/ssh_config under Host *

Note that the Linux server itself may have a firewall built in (it's a common case). My case is when ip_conntrack is in use.
But if it's not the case, then TCPKeepAlive will not fix the thing...

Just change the settings on the server side, not on the client.

Can you post the full sshd_config file? It will help us to resolve your issue.

"ServerAliveInterval" is another option you can set. It only requires setting on the client side. See "man ssh_config".
PuTTY also has an option similar to this called "Seconds between keepalives (0 to turn off)" under "Connection".
Mark

ASKER

Actually, now that I look at it everything is commented out in the ssh_config file (below).  When I do a 'man ssh_config' I don't see a KeepAlive option. I do see a ServerAliveInterval and TCPKeepAlive, but TCPKeepAlive says the default is already 'yes'. I don't think the man page lists all the options. For example, ConnectTimeout is not in the man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   EscapeChar ~

In PuTTY, click on "Connection" and put a number in the field "Sending of null packets to keep the session alive".

Mark

ASKER

The XP PuTTY is working fine. My problem is between the two Linux systems on the local network.

When you're setting up your PuTTY session, load the session, or pick a name, choose the "Connection" category, and change the "Seconds between keepalives" option to about 30, go back to the "Session" category and use the Save button to save the change to the options for the session.

The KeepAlive option you can set in sshd_config should not help much, if at all, it just tells the server to enable TCP KeepAlives, and the timeout period for that kind of keepalive is usually hours (you need much more frequent checks to keep your SSH route alive), although a ClientAlive option in sshd_config could help, for instance:

ClientAliveInterval 90
ClientAliveCountMax 4

On OpenSSH sshd, this causes the server to start requesting a response from the client after 90 seconds, and drops the connection if no data comes in for about 6 minutes.
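
The keepalive options discussed in this thread, worked through as an added example (not code from any poster or from OpenSSH): it reads ssh_config or sshd_config text and reports which keepalive values are actually in force, including when every line is commented out. The function names are hypothetical; it assumes the Linux kernel default of 7200 seconds for `net.ipv4.tcp_keepalive_time` and reads only the global section, `Host *` and `Match all`.

```python
import re

# OpenSSH defaults that apply when a keyword is absent or commented out.
DEFAULTS = {"tcpkeepalive": "yes",
            "clientaliveinterval": "0", "clientalivecountmax": "3",   # sshd_config
            "serveraliveinterval": "0", "serveralivecountmax": "3"}   # ssh_config
LINUX_TCP_KEEPALIVE_TIME = 7200  # assumed kernel default, net.ipv4.tcp_keepalive_time (s)


def effective(config_text):
    """Keepalive settings in force; as in OpenSSH, the first value seen for a keyword wins."""
    found, active = {}, True
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented out: the default stays in force
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":        # simplification: only "Host *" sections are read
            active = arg == "*"
        elif key == "match":     # simplification: only "Match all" sections are read
            active = arg.lower() == "all"
        elif active and key in DEFAULTS:
            found.setdefault(key, arg.lower())
    return {**DEFAULTS, **found}


def idle_gap(cfg, side):
    """Longest silence (s) on an idle session before this side sends a probe; None if never."""
    ssh = int(cfg["clientaliveinterval" if side == "server" else "serveraliveinterval"])
    tcp = LINUX_TCP_KEEPALIVE_TIME if cfg["tcpkeepalive"] == "yes" else 0
    gaps = [g for g in (ssh, tcp) if g > 0]
    return min(gaps) if gaps else None


def drop_after(cfg, side):
    """Approximate seconds until the SSH layer drops a silent peer; None if probes are off."""
    prefix = "clientalive" if side == "server" else "serveralive"
    interval, count = int(cfg[prefix + "interval"]), int(cfg[prefix + "countmax"])
    return interval * count if interval > 0 else None


# Constructed inputs: an all-commented file like the one posted, and the ClientAlive pair.
ALL_COMMENTED = "# Host *\n#   ConnectTimeout 0\n#   Port 22\n"
CLIENT_ALIVE = "ClientAliveInterval 90\nClientAliveCountMax 4\n"

if __name__ == "__main__":
    for name, text in (("all commented", ALL_COMMENTED), ("ClientAlive", CLIENT_ALIVE)):
        cfg = effective(text)
        print(name, idle_gap(cfg, "server"), drop_after(cfg, "server"))
```

Compare the `idle_gap` result with the idle timeout of any stateful firewall or NAT device on the path: a gap longer than that timeout means the connection-tracking entry expires before the first probe is sent.
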
ASKER CERTIFIED SOLUTION
Mysidia