Solved

SSH Secure Software

Posted on 2007-11-29
42
940 Views
Last Modified: 2013-12-04
Hello group,

I'm using SSH Secure Shell(Version 3.29) to connect from a Windows machine to a Linux server. The problem is that it loses the connection when I leave my system for 1 hours or so. How can I increase this period to 2 hours at least? or there is a setting that I can do on server side?


Regards,
ak
0
Comment
Question by:akohan
  • 16
  • 8
  • 5
  • +5
42 Comments
 
LVL 87

Expert Comment

by:rindi
Comment Utility
Check the following Link:

http://openssh.org/faq.html#2.12
0
 
LVL 48

Expert Comment

by:Tintin
Comment Utility
The SSH client should have some keepalive option you can set.  It's generally easier to set it from the client side, rather the server side.
0
 
LVL 28

Expert Comment

by:Jan Springer
Comment Utility
Check your ssh daemon, may be located in /etc/ssh/sshd_config and see if you have the IdleTimeout specified:

IdleTimeout time
    Sets idle timeout limit to time in seconds (s or nothing afternumber), in minutes (m), in hours (h), in days (d), or in weeks (w).If the connection have been idle (all channels) for that long time thechild process is killed with SIGHUP, and connection is closed down.

If IdleTimeout is not specified in the server ssh daemon, then it's your client is most likely configured to terminate the connection after a specified idle time.
0
 

Author Comment

by:akohan
Comment Utility

Yes, that is what I did before but I didn't find any parameter on client's side setting. Regarding server side I found the file as RINDI had suggested and the value assigned to CleitnAliveInterval is 0. Should I chagne to 1 or .... ?

Regards,
ak
0
 

Author Comment

by:akohan
Comment Utility

No I don't have IdelTimeOut in there.

Thanks,
ak
0
 

Author Comment

by:akohan
Comment Utility


But I do see:

#LoginGraceTime 2m

this works?

0
 
LVL 48

Expert Comment

by:Tintin
Comment Utility
   ClientAliveInterval

         Sets a timeout interval in seconds after  which,  if  no
         data  has  been  received  from the client, sshd sends a
         message through  the  encrypted  channel  to  request  a
         response  from  the client. The default is 0, indicating
         that these messages will not be sent to the client. This
         option applies only to protocol version 2.

     LoginGraceTime

         The server disconnects after this time (in  seconds)  if
         the user has not successfully logged in. If the value is
         0, there is no time limit. The default is 120 (seconds).
0
 
LVL 40

Expert Comment

by:omarfarid
Comment Utility
Hi,

You may set it like

ClientAliveInterval 300

here 300 seconds = 5 min
0
 
LVL 19

Expert Comment

by:Redimido
Comment Utility
to override setup configuration and be able to come back later to a server I'm connected to, I use

idle.ksh:
#! /bin/ksh
clear
echo "Idle running. hit ctrl-c to exit"
while :;do
  sleep 5
done

and start the program...

HTH
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
there may be a couple of reasons ..
first start with your client's ssh config:

  KeppAlive no

then you need to instruct your shell to ignore the idle logout (if possible):

  unset TMOUT
  TMOUT=0
  unset autologout
  unsetenv TCSH_SHELL_AUTOLOGOUT
(above depends on your shell)

then you have to check your server's sshd_config:

  ClientAliveInterval 0

and if all that fails you have to consult the admin of your workstation and the server to tweak TCP/IP kernel settings.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
You should be using PuTTY instead.
0
 

Author Comment

by:akohan
Comment Utility

Yes, I gave up on this game so I used putty but same thing happens. I'm sure there must be a setting on server side. So the solution wasn't putty too :(

Thanks anyway.

0
 

Author Comment

by:akohan
Comment Utility

Now, I'm checking the server side parameter LoginGraceTime as was pointed out by Tintin. I will get back to you guys soon. Sorry for the delay I have been busy with school exams.

Regards,
ak
0
 

Author Comment

by:akohan
Comment Utility

No. unfrotunately LoginGraceTime doesn't work either. Any other comment on how to avoid getting kicked out when a there is on activity on client side? I need a connection which stays as long as I have not logged out.

Thanks,
ak
0
 
LVL 40

Expert Comment

by:omarfarid
Comment Utility
One old trick I use to do, is to have a script that will send a message to the terminal when I am not working on it to keep the session live.

e.g.

while true
do
   echo "-.-.-."
   sleep 60
done
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
did you read http:#20392977 ?

a simple workaround to keep an idle terminal bussy
  ping -i 299 127.0.0.42
0
 
LVL 19

Expert Comment

by:Redimido
Comment Utility
As I said... a script called idle was my most practical solution
0
 

Author Comment

by:akohan
Comment Utility

Thanks for your response but how about other users I know in my working place dont' have such problem? they don't use any script and using the same client ?

Regards,
ak
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
> .. they don't use any script
.. simply 'cause they did what I already suggested :-))
0
 

Author Comment

by:akohan
Comment Utility

Would you please tell me what script are you talking about?

Thanks,
ak
0
 
LVL 19

Expert Comment

by:Redimido
Comment Utility
check my comment #20392693
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 61

Expert Comment

by:gheist
Comment Utility
Let me suggest you get putty ssh client that supports keep-alive from client side.
Old SSH.COM client is no better than any other legacy software.
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
> Would you please tell me what script are you talking about?
click here --> http:#20392977
0
 

Author Comment

by:akohan
Comment Utility

I see there:

#TCPKeepAlive yes

but it seems it is commented out.  and I'm wondering if it is exactly what you had pointed out!

Any comments?

Thanks,
ak

0
 
LVL 40

Expert Comment

by:omarfarid
Comment Utility
Uncomment the line and see if you get what you want.

0
 

Author Comment

by:akohan
Comment Utility

I believe it is already commented out since has a # in advnace.

Any comments?
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
Option you mention is enabled by default. Your firewall drops connections with this option set.
     ClientAliveCountMax
             Sets the number of client alive messages (see below) which may be
             sent without sshd(8) receiving any messages back from the client.
             If this threshold is reached while client alive messages are be-
             ing sent, sshd will disconnect the client, terminating the ses-
             sion.  It is important to note that the use of client alive mes-
             sages is very different from TCPKeepAlive (below).  The client
             alive messages are sent through the encrypted channel and there-
             fore will not be spoofable.  The TCP keepalive option enabled by
             TCPKeepAlive is spoofable.  The client alive mechanism is valu-
             able when the client or server depend on knowing when a connec-
             tion has become inactive.

             The default value is 3.  If ClientAliveInterval (see below) is
             set to 15, and ClientAliveCountMax is left at the default, unre-
             sponsive SSH clients will be disconnected after approximately 45
             seconds.  This option applies to protocol version 2 only.

     ClientAliveInterval
             Sets a timeout interval in seconds after which if no data has
             been received from the client, sshd(8) will send a message
             through the encrypted channel to request a response from the
             client.  The default is 0, indicating that these messages will
             not be sent to the client.  This option applies to protocol ver-
             sion 2 only.

Make sure you set Protocol 2 instead of Protocol 2,1 to mak sure you connect using this option
0
 
LVL 40

Expert Comment

by:omarfarid
Comment Utility
I mean remove the # :)
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
openssh server's default config file has default configuration options commented out. No need to reduntantly enable them.
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
gheist, do you know how that server in question was compiled? I doubt.
Anyway, I believe it's a default one until someone checked all possibilities.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
When portable openssh is compiled and installed it generates config file with default options all commented out.
0
 

Author Comment

by:akohan
Comment Utility

I have applied those changes to the sshd.conf and currently testing it.

Thanks for your help.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
Have you restarted sshd after "applying" config change?

Hint: /etc/init.d/sshd restart
0
 

Author Comment

by:akohan
Comment Utility

NO! thanks for sharing this.
0
 

Author Comment

by:akohan
Comment Utility

Unfortunately, still the connection drops. Any comments?

Thanks,
ak


0
 
LVL 40

Expert Comment

by:omarfarid
Comment Utility
Did you try running

while true
do
   echo "-.-.-."
   sleep 60
done

0
 

Author Comment

by:akohan
Comment Utility

Not yet!  but where should I place this code at?

0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
In terminal.
Does connection drop when you use putty ssh client?
0
 

Author Comment

by:akohan
Comment Utility

I've used Putty, SecureCRT, Secure Shell Client so far. Doesn't matter what client application I use it will drop the connection.

0
 
LVL 61

Accepted Solution

by:
gheist earned 500 total points
Comment Utility
So your firewall just drops connection after some predefinded time. There is nothing you can do. Ask firewall admin to fix.
0
 
LVL 19

Expert Comment

by:Redimido
Comment Utility
please try omarfarid's suggestion or mine. both try to start a program in order to maintain the packet flow on the network and thus avoid disconnection.

0
 

Author Comment

by:akohan
Comment Utility

I guess there is no answer for this question and the only thing which works here is the firewall issue.

Thanks for your time.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now