Solved

set OpenSSH timeout for inactive connections

Posted on 2006-07-24
Last Modified: 2008-01-09
My SSH sessions keep getting disconnected after ~20 minutes of inactivity. My server runs Debian and OpenSSH, and so far I haven't changed any settings or initialization scripts related to ssh. How can I set disallow timeouts due to insufficient use of the connection?

Thanks.
Question by:BerkeleyJeff
26 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 17165942
in ~/.ssh/config
  KeepAlive no

in /etc/ssh/sshd_config
  KeepAlive no
0
 
LVL 43

Accepted Solution

by:
ravenpl earned 2000 total points
ID: 17165951
on server side
/etc/ssh/sshd_config

     ClientAliveInterval
             Sets a timeout interval in seconds after which if no data has been received from the client, sshd will send a message through
             the encrypted channel to request a response from the client.  The default is 0, indicating that these messages will not be sent
             to the client.  This option applies to protocol version 2 only.

on client side
/etc/ssh/ssh_config or ~/.ssh/config
     ServerAliveInterval
             Sets a timeout interval in seconds after which if no data has been received from the server, ssh will send a message through
             the encrypted channel to request a response from the server.  The default is 0, indicating that these messages will not be sent
             to the server.  This option applies to protocol version 2 only.
0
 

Author Comment

by:BerkeleyJeff
ID: 17166012
My sshd_config file doesn't have 'ClientAliveInterval' in it. It does have 'KeepAlive' set to 'Yes', but could that be my problem? The server isn't supposed to disconnect upon the keepAlive, as long as the client is still connected, right? I thought KeepAlive was more to detect dropped connections.
0

 
LVL 51

Expert Comment

by:ahoffmann
ID: 17166632
> It does have 'KeepAlive' set to 'Yes', but could that be my problem?
yes
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17166645
> How can I set disallow timeouts due to insufficient use of the connection?
I understand that the connection is broken, and the author wants it alive. Right?
0
 

Author Comment

by:BerkeleyJeff
ID: 17168698
So I switched KeepAlive from 'Yes' to 'No', but I still get disconnected frequently. Here's a typical error message:

> Read from remote host metaglossary.com: Connection reset by peer
Connection to metaglossary.com closed.


Are there some other settings that might be responsible?
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17168772
Yes - I proposed some in my first comment.
0
 
LVL 11

Expert Comment

by:kblack05
ID: 17169334
You might also be seeing a firewall or socket timeout, which will typically ignore keepalive settings.

you can check one of the /proc settings for tcp timeouts with a command like this:

less /proc/sys/net/ipv4/tcp_keepalive_time

it will probably be around 7200 (i.e. 2 hours)
if you like, you can reset the timeout by echoing to /proc/sys/net/ipv4/tcp_keepalive_time

example:
echo -n 43200 > /proc/sys/net/ipv4/tcp_keepalive_time
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 17169797
firewall or kernel problem, as already said
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17169984
Yep, and ClientAliveInterval/ServerAliveInterval should fix it up.
Alternative: run following script while leaving session alone
while true; do echo -n "."; sleep 60; done
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 17170271
.. or
  ping -i 42 localhost
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17654698
I guess my comments were on the right track, and are ssh based only.
messing with kernel timeouts would do, if they are done on the firewall - not peer system.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 17657971
hmm, we could dispute the hen-egg problem which means KeepAlive and ClientAliveInterval/ServerAliveInterval here.
But the problem turns out to be network and not ssh related.
I'd vote for a 3-way split then.
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17698009
ahoffmann: how did You get the impression that it's network/firewall problem?
Let me explain:
firewalls may ignore TCP KeepAlive packets, but surely can't ignore ClientAliveInterval/ServerAliveInterval packets (as it's data based).
any router/firewall on the way may do connection tracking, and therefore messing with TCP stack values on the peer systems will not help.
Also /proc/sys/net/ipv4/tcp_keepalive_time means how often the kernel should send KeepAlive if enabled. Enlarging it surely will not help!
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 17710895
>  ahoffmann: how did You get the impression that it's network/firewall problem?
see http:#17168698

> firewalls may ..
agreed

> any router/firewall on the way may do ..
agreed and confirms my network assumption
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17713308
The point is that ClientAliveInterval/ServerAliveInterval should help - it uses data channel, thus firewall can't cut it out...
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 17713802
> .. thus firewall can't cut it out...
true, the firewall can't cut out the application data, but if the firewall's timeout is less than that configured for ssh it drops the connection before the heart beat is sent.
0
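
Added example, not part of the thread: a shell check for the point made in the accepted answer and in the comment above, namely that the SSH-level keepalive interval must be non-zero and shorter than the idle timeout of any firewall or NAT device on the path. The function name `check_keepalive`, the host name `myserver` and the 300-second idle timeout (taken from the author's report of drops after about 5 minutes) are assumptions; the sample input lines are constructed.

```shell
#!/bin/sh
# Reads "key value" lines on stdin, in the lowercase form printed by
# `ssh -G <host>` (client side) or `sshd -T` (server side, run as root).
# $1 = idle timeout of the middlebox in seconds (measured by you; assumption).
# Prints one of:
#   DISABLED                 interval is 0, no SSH-level keepalives are sent
#   TOO_SLOW                 first keepalive would arrive after the idle timeout
#   OK dead_peer_after=Ns    keepalives fire in time; an unresponsive peer is
#                            dropped after interval * countmax seconds
check_keepalive() {
    idle_timeout=$1
    interval=0
    count=3   # OpenSSH default for ServerAliveCountMax / ClientAliveCountMax
    while read -r key value rest; do
        case $(printf '%s' "$key" | tr 'A-Z' 'a-z') in
            serveraliveinterval|clientaliveinterval) interval=$value ;;
            serveralivecountmax|clientalivecountmax) count=$value ;;
        esac
    done
    if [ "$interval" -eq 0 ]; then
        echo "DISABLED"
    elif [ "$interval" -ge "$idle_timeout" ]; then
        echo "TOO_SLOW"
    else
        echo "OK dead_peer_after=$((interval * count))s"
    fi
}

# Constructed sample: client with default settings (interval 0).
printf 'serveraliveinterval 0\nserveralivecountmax 3\n' | check_keepalive 300

# Constructed sample: interval longer than the middlebox idle timeout.
printf 'serveraliveinterval 600\nserveralivecountmax 3\n' | check_keepalive 300

# Constructed sample: interval of 60 s, safely below a 300 s idle timeout.
printf 'serveraliveinterval 60\nserveralivecountmax 3\n' | check_keepalive 300

# Against a live configuration (placeholder host name):
#   ssh -G myserver | check_keepalive 300
#   sshd -T        | check_keepalive 300
```

A `DISABLED` or `TOO_SLOW` result is fixed by setting `ServerAliveInterval` in `~/.ssh/config` (or `ClientAliveInterval` in `/etc/ssh/sshd_config`) to a value below the idle timeout.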
 
LVL 20

Expert Comment

by:Venabili
ID: 17739136
So what do we do with the question?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 17745059
I'd still vote for a 3-way split. ravenpl, do you agree?
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17745089
Whatever - I already said what I'm thinking.
0
 

Author Comment

by:BerkeleyJeff
ID: 17745161
Indeed, the value in  /proc/sys/net/ipv4/tcp_keepalive_time is 7200 (i.e. 2 hours). However, the timeout tends to occur after more like 5 minutes.

Secondly, I have ruled in hardware problems, since I have the same problem with two servers, from any clients. All servers and clients run a minimal distribution of debian linux.

Leaving "top" running (or while true; do echo -n "."; sleep 60; done), keeps the connection from closing. I will try modifying ClientAliveInterval/ServerAliveInterval.

Thanks for help.
0
 

Author Comment

by:BerkeleyJeff
ID: 17745255
I think that when I originally posted this, I was also having network problems. No longer. Now changing these alive intervals seems to solve the problem. Thanks, all.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 17745269
the author's decision is most likely the best ;-)
Thanks for coming back BerkeleyJeff.
0
 
LVL 20

Expert Comment

by:Venabili
ID: 17745716
Thanks for closing ;)
0
