Enable SSH Keep Alive

June 11, 2009

One of the first things I do every time I set up a server is increase the SSH timeout to a much higher value. Nothing is more annoying than going to refill your drink only to return to a dead session. Increasing the timeout is quite simple:

On the server execute the following commands:

sudo pico /etc/ssh/sshd_config

Look for TCPKeepAlive and make sure it is set to yes and add the following lines after it:

ClientAliveInterval 30
ClientAliveCountMax 1000

This will execute a “keep alive” command every 30 seconds and continue to do so 1000 times. You can tweak these settings to suit your needs of course. You will also need to restart your SSH server using the following command:

# /etc/init.d/sshd restart

For more information on configuring SSH, just type man ssh.
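
An added example, not part of the original post: a shell check that reads the global section of an sshd_config and reports how long sshd keeps waiting on a client that has stopped answering, which is ClientAliveInterval multiplied by ClientAliveCountMax (the count is the number of unanswered probes sshd tolerates before it disconnects). The function names and the sample file are constructed for illustration; it assumes plain-second values and no Include directives.

```sh
#!/bin/sh
# Added example: how long will sshd hold a session whose client stopped answering?
# Assumes values are plain seconds (as in the post) and no Include directives.

# Print "<interval> <countmax> <window_seconds>" for the global section of $1.
alive_window() {
    awk '
        BEGIN { interval = 0; count = 3 }        # OpenSSH defaults
        /^[ \t]*#/ { next }                      # comment lines
        { gsub(/=/, " ") }                       # "Keyword=value" is also accepted
        NF < 2 { next }
        { key = tolower($1) }                    # keywords are case-insensitive
        key == "match" { exit }                  # stop at the first Match block
        key == "clientaliveinterval" && !si { interval = $2; si = 1 }  # first value wins
        key == "clientalivecountmax" && !sc { count = $2; sc = 1 }
        END { print interval, count, interval * count }
    ' "$1"
}

# One-line summary of the same numbers.
describe() {
    set -- $(alive_window "$1")
    if [ "$1" -eq 0 ]; then
        echo "client-alive probes disabled"
    else
        echo "probe every ${1}s, disconnect after $2 unanswered (${3}s)"
    fi
}

# Constructed sample using the values from the post.
sample=$(mktemp)
printf 'TCPKeepAlive yes\nClientAliveInterval 30\nClientAliveCountMax 1000\n' > "$sample"
describe "$sample"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration and `sshd -t` checks the file for errors before you restart the daemon.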


  1. This may be common knowledge but I really do not know:

    When I logon remotely (outside my LAN) my connection drops after idle for a bit, whereas when I’m at home it stays on indefinitely. I already set this and am testing it, but is this the case for everyone else?

  2. I don’t understand why it’s a server option though – as this only happens at your work the best option would be to enable this on your work computer.

    I guess it doesn’t hurt to enable this though.

  3. There is a client option. You can put it in your .ssh/config file, i.e.:

    Host server1 server2
    ServerAliveInterval 300

    Or just put it in /etc/ssh/ssh_config.

  4. It could be the SSH client you are using — perhaps they have different settings at home vs. at work? Some support keepalive, while others do not.

  5. You’re probably going through a firewall that has its translations set to dismantle idle connections after this given amount of time.

  6. Yeah it must be, I use openwrt, which, when I SSH directly to that it stays connected. I was beginning to wonder if SSHD was doing connection closing based on remote IP. I’ll have to look into the openwrt firewall settings sometime.

  7. To make it easier to track down, use time when you ssh and immediately go idle. `time ssh`

    When it disconnects it’ll let you know exactly how long it was; if it’s 20 minutes you will be looking for a 20 minute timer.

  8. Not quite, nano is built to resemble pico and was supposed to replace it. But it has some weird quirks I’ve never been able to figure out, such as my numpad can’t be used for entering numbers (rather it invokes commands).

  9. While SSH is encrypted, there are still ways in which the terminal you left open on your desktop could get abused. Granted, it may not be very likely in many scenarios, but someone who gained access to your desktop (physically or remotely) could then use that terminal. The logic is that if you close when you are not using it, you are inherently more secure.

  10. That has absolutely no relevance here. If you are logged into a machine and not locked when away the last thing you would probably be worrying about is a stray SSH connection. Your private encryption keys or even your SSH trusted keys are much more vulnerable.

  11. If you’re not connecting from a Linux box, you can set PuTTY to permanently keep alive a connection until it is closed or the connection is interrupted.

  12. * 1) Why are half the comments from here also on the blog, with the same username?
    * 2) You make it sound as if it will only send 1000 keep-alive messages and then stop, but it actually means that it will only close the connection after 1000 keep-alive messages did not get an answer.
    * 3) Setting this value to 1000 is crazy, this means an interrupted connection will go on and block resources for over 8 hours. The only time when this makes sense is when you are on a bad connection (UMTS/3G on a train or something like that) and know that there will be some interruptions, but the connection will recover.
    * 4) This setting would make more sense on the client.
