Solved

SSH Secure Software

Posted on 2007-11-29
42
986 Views
Last Modified: 2013-12-04
Hello group,

I'm using SSH Secure Shell(Version 3.29) to connect from a Windows machine to a Linux server. The problem is that it loses the connection when I leave my system for 1 hours or so. How can I increase this period to 2 hours at least? or there is a setting that I can do on server side?


Regards,
ak
0
Comment
Question by:akohan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 16
  • 8
  • 5
  • +5
42 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 20376291
Check the following Link:

http://openssh.org/faq.html#2.12
0
 
LVL 48

Expert Comment

by:Tintin
ID: 20376461
The SSH client should have some keepalive option you can set.  It's generally easier to set it from the client side, rather the server side.
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 20376492
Check your ssh daemon, may be located in /etc/ssh/sshd_config and see if you have the IdleTimeout specified:

IdleTimeout time
    Sets idle timeout limit to time in seconds (s or nothing afternumber), in minutes (m), in hours (h), in days (d), or in weeks (w).If the connection have been idle (all channels) for that long time thechild process is killed with SIGHUP, and connection is closed down.

If IdleTimeout is not specified in the server ssh daemon, then it's your client is most likely configured to terminate the connection after a specified idle time.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:akohan
ID: 20376982

Yes, that is what I did before but I didn't find any parameter on client's side setting. Regarding server side I found the file as RINDI had suggested and the value assigned to CleitnAliveInterval is 0. Should I chagne to 1 or .... ?

Regards,
ak
0
 

Author Comment

by:akohan
ID: 20376992

No I don't have IdelTimeOut in there.

Thanks,
ak
0
 

Author Comment

by:akohan
ID: 20377004


But I do see:

#LoginGraceTime 2m

this works?

0
 
LVL 48

Expert Comment

by:Tintin
ID: 20377118
   ClientAliveInterval

         Sets a timeout interval in seconds after  which,  if  no
         data  has  been  received  from the client, sshd sends a
         message through  the  encrypted  channel  to  request  a
         response  from  the client. The default is 0, indicating
         that these messages will not be sent to the client. This
         option applies only to protocol version 2.

     LoginGraceTime

         The server disconnects after this time (in  seconds)  if
         the user has not successfully logged in. If the value is
         0, there is no time limit. The default is 120 (seconds).
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20377146
Hi,

You may set it like

ClientAliveInterval 300

here 300 seconds = 5 min
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 20392693
to override setup configuration and be able to come back later to a server I'm connected to, I use

idle.ksh:
#! /bin/ksh
clear
echo "Idle running. hit ctrl-c to exit"
while :;do
  sleep 5
done

and start the program...

HTH
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 20392977
there may be a couple of reasons ..
first start with your client's ssh config:

  KeppAlive no

then you need to instruct your shell to ignore the idle logout (if possible):

  unset TMOUT
  TMOUT=0
  unset autologout
  unsetenv TCSH_SHELL_AUTOLOGOUT
(above depends on your shell)

then you have to check your server's sshd_config:

  ClientAliveInterval 0

and if all that fails you have to consult the admin of your workstation and the server to tweak TCP/IP kernel settings.
0
 
LVL 62

Expert Comment

by:gheist
ID: 20426200
You should be using PuTTY instead.
0
 

Author Comment

by:akohan
ID: 20520411

Yes, I gave up on this game so I used putty but same thing happens. I'm sure there must be a setting on server side. So the solution wasn't putty too :(

Thanks anyway.

0
 

Author Comment

by:akohan
ID: 20520421

Now, I'm checking the server side parameter LoginGraceTime as was pointed out by Tintin. I will get back to you guys soon. Sorry for the delay I have been busy with school exams.

Regards,
ak
0
 

Author Comment

by:akohan
ID: 20523346

No. unfrotunately LoginGraceTime doesn't work either. Any other comment on how to avoid getting kicked out when a there is on activity on client side? I need a connection which stays as long as I have not logged out.

Thanks,
ak
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20523362
One old trick I use to do, is to have a script that will send a message to the terminal when I am not working on it to keep the session live.

e.g.

while true
do
   echo "-.-.-."
   sleep 60
done
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 20523901
did you read http:#20392977 ?

a simple workaround to keep an idle terminal bussy
  ping -i 299 127.0.0.42
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 20526264
As I said... a script called idle was my most practical solution
0
 

Author Comment

by:akohan
ID: 20526304

Thanks for your response but how about other users I know in my working place dont' have such problem? they don't use any script and using the same client ?

Regards,
ak
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 20526781
> .. they don't use any script
.. simply 'cause they did what I already suggested :-))
0
 

Author Comment

by:akohan
ID: 20574966

Would you please tell me what script are you talking about?

Thanks,
ak
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 20575222
check my comment #20392693
0
 
LVL 62

Expert Comment

by:gheist
ID: 20575469
Let me suggest you get putty ssh client that supports keep-alive from client side.
Old SSH.COM client is no better than any other legacy software.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 20581140
> Would you please tell me what script are you talking about?
click here --> http:#20392977
0
 

Author Comment

by:akohan
ID: 20585416

I see there:

#TCPKeepAlive yes

but it seems it is commented out.  and I'm wondering if it is exactly what you had pointed out!

Any comments?

Thanks,
ak

0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20585456
Uncomment the line and see if you get what you want.

0
 

Author Comment

by:akohan
ID: 20585777

I believe it is already commented out since has a # in advnace.

Any comments?
0
 
LVL 62

Expert Comment

by:gheist
ID: 20585921
Option you mention is enabled by default. Your firewall drops connections with this option set.
     ClientAliveCountMax
             Sets the number of client alive messages (see below) which may be
             sent without sshd(8) receiving any messages back from the client.
             If this threshold is reached while client alive messages are be-
             ing sent, sshd will disconnect the client, terminating the ses-
             sion.  It is important to note that the use of client alive mes-
             sages is very different from TCPKeepAlive (below).  The client
             alive messages are sent through the encrypted channel and there-
             fore will not be spoofable.  The TCP keepalive option enabled by
             TCPKeepAlive is spoofable.  The client alive mechanism is valu-
             able when the client or server depend on knowing when a connec-
             tion has become inactive.

             The default value is 3.  If ClientAliveInterval (see below) is
             set to 15, and ClientAliveCountMax is left at the default, unre-
             sponsive SSH clients will be disconnected after approximately 45
             seconds.  This option applies to protocol version 2 only.

     ClientAliveInterval
             Sets a timeout interval in seconds after which if no data has
             been received from the client, sshd(8) will send a message
             through the encrypted channel to request a response from the
             client.  The default is 0, indicating that these messages will
             not be sent to the client.  This option applies to protocol ver-
             sion 2 only.

Make sure you set Protocol 2 instead of Protocol 2,1 to mak sure you connect using this option
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20585925
I mean remove the # :)
0
 
LVL 62

Expert Comment

by:gheist
ID: 20586284
openssh server's default config file has default configuration options commented out. No need to reduntantly enable them.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 20586338
gheist, do you know how that server in question was compiled? I doubt.
Anyway, I believe it's a default one until someone checked all possibilities.
0
 
LVL 62

Expert Comment

by:gheist
ID: 20586629
When portable openssh is compiled and installed it generates config file with default options all commented out.
0
 

Author Comment

by:akohan
ID: 20633108

I have applied those changes to the sshd.conf and currently testing it.

Thanks for your help.
0
 
LVL 62

Expert Comment

by:gheist
ID: 20636778
Have you restarted sshd after "applying" config change?

Hint: /etc/init.d/sshd restart
0
 

Author Comment

by:akohan
ID: 20638705

NO! thanks for sharing this.
0
 

Author Comment

by:akohan
ID: 20666131

Unfortunately, still the connection drops. Any comments?

Thanks,
ak


0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20666281
Did you try running

while true
do
   echo "-.-.-."
   sleep 60
done

0
 

Author Comment

by:akohan
ID: 20667807

Not yet!  but where should I place this code at?

0
 
LVL 62

Expert Comment

by:gheist
ID: 20667842
In terminal.
Does connection drop when you use putty ssh client?
0
 

Author Comment

by:akohan
ID: 20668104

I've used Putty, SecureCRT, Secure Shell Client so far. Doesn't matter what client application I use it will drop the connection.

0
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 20670326
So your firewall just drops connection after some predefinded time. There is nothing you can do. Ask firewall admin to fix.
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 20675872
please try omarfarid's suggestion or mine. both try to start a program in order to maintain the packet flow on the network and thus avoid disconnection.

0
 

Author Comment

by:akohan
ID: 20694465

I guess there is no answer for this question and the only thing which works here is the firewall issue.

Thanks for your time.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question