Enable SSH Keep Alive

One of the first things I do every time I set up a server is increase the SSH timeout to a much higher value. There is nothing more annoying than going to refill your drink only to return to a dead session. Increasing the timeout is quite simple:

On the server, execute the following command:

sudo pico /etc/ssh/sshd_config

Look for TCPKeepAlive and make sure it is set to yes and add the following lines after it:

ClientAliveInterval 30
ClientAliveCountMax 1000

This will execute a “keep alive” command every 30 seconds and continue to do so 1000 times. You can tweak these settings to suit your needs, of course. You will also need to restart your SSH server using the following command:

# /etc/init.d/sshd restart

For more information on configuring SSH, just type man ssh.
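
As an added example (not code from the original post): sshd_config(5) defines ClientAliveCountMax as the number of client-alive messages that may go unanswered before sshd disconnects, so the two settings together bound how long a dead client keeps its session. The sketch below reads those values from sshd_config text; `parse_keepalive`, `dead_client_window` and `POST_CONFIG` are names made up here, and values are assumed to be plain integer seconds.

```python
import re

# Defaults per sshd_config(5): probes off, 3 unanswered probes tolerated.
DEFAULTS = {"clientaliveinterval": 0, "clientalivecountmax": 3}

# Constructed sample: the settings from this post.
POST_CONFIG = """\
# keep sessions open
TCPKeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 1000
"""

def parse_keepalive(config_text):
    """Effective global ClientAlive* values (assumes plain integer seconds)."""
    values = dict(DEFAULTS)
    seen = set()
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # per-connection overrides start here
            break
        if key in DEFAULTS and key not in seen and len(parts) == 2:
            values[key] = int(parts[1].strip().strip('"'))
            seen.add(key)               # sshd uses the first value it reads
    return values

def dead_client_window(config_text):
    """Approximate seconds before sshd drops a client that stopped answering.

    Returns None when sshd never disconnects on keep-alive grounds.
    """
    v = parse_keepalive(config_text)
    interval, count = v["clientaliveinterval"], v["clientalivecountmax"]
    if interval == 0 or count == 0:     # count 0: OpenSSH 8.2 and later
        return None
    return interval * count

if __name__ == "__main__":
    secs = dead_client_window(POST_CONFIG)
    print(f"unresponsive client dropped after ~{secs} s ({secs / 3600:.1f} h)")
```

Running it against a copy of your own sshd_config shows how long a session whose client has vanished will keep occupying the server.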



20 Responses to “Enable SSH Keep Alive”

  1. acanac says:

    Very handy 😀

  2. kousi says:

    This may be common knowledge but I really do not know:

    When I log on remotely (outside my LAN) my connection drops after being idle for a bit, whereas when I’m at home it stays on indefinitely. I already set this and am testing it, but is this the case for everyone else?

  3. fettesps says:

    pico is a basic text editor for Linux. You can of course use whichever you prefer: nano, vi, emacs, etc.

  4. mogmog says:

    I don’t understand why it’s a server option though – as this only happens at your work the best option would be to enable this on your work computer.

    I guess it doesn’t hurt to enable this though.

  5. onmach says:

    There is a client option. You can put it in your .ssh/config file, i.e.:

    Host server1 server2
    ServerAliveInterval 300

    Or just put it in /etc/ssh/ssh_config.

  6. geekamongus says:

    It could be the SSH client you are using — perhaps they have different settings at home vs. at work? Some support keepalive, while others do not.

  7. bsdboy says:

    You’re probably going through a firewall that has its translations set to dismantle idle connections after this given amount of time.

  8. joelthelion says:

    How does increasing the ssh keep alive time decrease security? I’m genuinely curious here.

  9. kousi says:

    Yeah it must be, I use openwrt, which, when I SSH directly to that it stays connected. I was beginning to wonder if SSHD was doing connection closing based on remote IP. I’ll have to look into the openwrt firewall settings sometime.

  10. bsdboy says:

    To make it easier to track down, use time when you ssh and immediately go idle. `time ssh my.com`

    When it disconnects it’ll let you know exactly how long it was; if it’s 20 minutes you will be looking for a 20 minute timer.

  11. kousi says:

    Thanks for the great tip.

  12. speaker219 says:

    pico = nano, yes?

  13. fettesps says:

    Not quite, nano is built to resemble pico and was supposed to replace it. But it has some weird quirks I’ve never been able to figure out, such as my numpad can’t be used for entering numbers (rather it invokes commands).

  14. geekamongus says:

    While SSH is encrypted, there are still ways in which the terminal you left open on your desktop could get abused. Granted, it may not be very likely in many scenarios, but someone who gained access to your desktop (physically or remotely) could then use that terminal. The logic is that if you close when you are not using it, you are inherently more secure.

  15. Aeiri says:

    That has absolutely no relevance here. If you are logged into a machine and not locked when away the last thing you would probably be worrying about is a stray SSH connection. Your private encryption keys or even your SSH trusted keys are much more vulnerable.

  16. eonbt says:

    If you’re not connecting from a Linux box, you can set PuTTY to permanently keep alive a connection until it is closed or the connection is interrupted.

  17. trid says:

    * 1) Why are half the comments from here also on the blog, with the same username?
    * 2) You make it sound as if it will only send 1000 keep-alive messages and then stop, but it actually means that it will only close the connection after 1000 keep-alive messages did not get an answer.
    * 3) Setting this value to 1000 is crazy, this means an interrupted connection will go on and block resources for over 8 hours. The only time when this makes sense is when you are on a bad connection (UMTS/3G on a train or something like that) and know that there will be some interruptions, but the connection will recover.
    * 4) This setting would make more sense on the client.

  18. fettesps says:

    There’s a plugin that automatically shows any comments you got on Digg or Reddit in your own blog.
    http://valums.com/wordpress-comments-digg-reddit/

  19. Neoncow says:

    > There’s a plugin that automatically shows any comments you got on Digg or Reddit in your own blog.

    > http://valums.com/wordpress-comments-digg-reddit/

    Super cool, you’ve got blogs in your reddit and reddit in your blogs!

  20. speaker219 says:

    Ah, my mistake. Thanks for clarifying.
