Changing SSH Timeout
- Thread starter guru_ck
- Start date
No go:
[root@host ~]# sudo /sbin/service sshd start
Starting sshd:/etc/ssh/sshd_config: line 115: Bad configuration option: ConnectTimeout
/etc/ssh/sshd_config: terminating, 1 bad configuration options
[FAILED]
Here is the config file: http://ck84.ws/sshd_config.txt
There is no ConnectTimeout option according to "man sshd_config", which is why it isn't recognized.
With 2 minute timeout are you referring to login timeout (i.e. time between connection is established and valid username / password is entered) or to something else? If you're reffering to login timeout, then correct option name would be "LoginGraceTime", here is a copy & paste from "man sshd_config":
Regards,
Paul
With 2 minute timeout are you referring to login timeout (i.e. time between connection is established and valid username / password is entered) or to something else? If you're reffering to login timeout, then correct option name would be "LoginGraceTime", here is a copy & paste from "man sshd_config":
Regards,
Paul
Hi Paul - I'm referring to the ssh session getting disconnected when my SecureCRT client is idle. It seems to be very short right now, like 2 minutes. I'd like to extend it to around 120 minutes. When I'm getting disconnected I am already logged in and at the prompt. TIA.
Seems like I need to setup one of these... just not sure what I should set the variables to:
ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the client, sshd will send a mes-
sage through the encrypted channel to request a response from the client. The default is 0, indicating that these
messages will not be sent to the client. This option applies to protocol version 2 only.
ClientAliveCountMax
Sets the number of client alive messages (see above) which may be sent without sshd receiving any messages back from
the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the
client, terminating the session. It is important to note that the use of client alive messages is very different
from TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not
be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valu-
able when the client or server depend on knowing when a connection has become inactive.
The default value is 3. If ClientAliveInterval (above) is set to 15, and ClientAliveCountMax is left at the
default, unresponsive ssh clients will be disconnected after approximately 45 seconds.
TCPKeepAlive
Specifies whether the system should send TCP keepalive messages to the other side. If they are sent, death of the
connection or crash of one of the machines will be properly noticed. However, this means that connections will die
if the route is down temporarily, and some people find it annoying. On the other hand, if TCP keepalives are not
sent, sessions may hang indefinitely on the server, leaving "ghost" users and consuming server resources.
The default is "yes" (to send TCP keepalive messages), and the server will notice if the network goes down or the
client host crashes. This avoids infinitely hanging sessions.
To disable TCP keepalive messages, the value should be set to "no".
ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the client, sshd will send a mes-
sage through the encrypted channel to request a response from the client. The default is 0, indicating that these
messages will not be sent to the client. This option applies to protocol version 2 only.
ClientAliveCountMax
Sets the number of client alive messages (see above) which may be sent without sshd receiving any messages back from
the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the
client, terminating the session. It is important to note that the use of client alive messages is very different
from TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not
be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valu-
able when the client or server depend on knowing when a connection has become inactive.
The default value is 3. If ClientAliveInterval (above) is set to 15, and ClientAliveCountMax is left at the
default, unresponsive ssh clients will be disconnected after approximately 45 seconds.
TCPKeepAlive
Specifies whether the system should send TCP keepalive messages to the other side. If they are sent, death of the
connection or crash of one of the machines will be properly noticed. However, this means that connections will die
if the route is down temporarily, and some people find it annoying. On the other hand, if TCP keepalives are not
sent, sessions may hang indefinitely on the server, leaving "ghost" users and consuming server resources.
The default is "yes" (to send TCP keepalive messages), and the server will notice if the network goes down or the
client host crashes. This avoids infinitely hanging sessions.
To disable TCP keepalive messages, the value should be set to "no".
I bet this isn't related to sshd configuration - it doesn't kill connections after such short period of time. I guess connection gets terminated by your OS or your router/NAT device. Try to check router configuration to find out if you can adjust connection timeout there.
I'm not very familiar with SecureCRT but in Putty you can setup keep alive timeout which will prevent session from being killed by OS / router. Alternatively you may want to take a look at the following sshd options to initiate session keepalive packets from the server side. Please note that these options will affect every single ssh connection on your system.
Regards,
Paul
I'm not very familiar with SecureCRT but in Putty you can setup keep alive timeout which will prevent session from being killed by OS / router. Alternatively you may want to take a look at the following sshd options to initiate session keepalive packets from the server side. Please note that these options will affect every single ssh connection on your system.
Code:
ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the client, sshd will send a message through the encrypted channel to
request a response from the client. The default is 0, indicating that these messages will not be sent to the client. This option applies to protocol ver-
sion 2 only.
ClientAliveCountMax
Sets the number of client alive messages (see above) which may be sent without sshd receiving any messages back from the client. If this threshold is
reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. It is important to note that the use of
client alive messages is very different from TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not
be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on
knowing when a connection has become inactive.
The default value is 3. If ClientAliveInterval (above) is set to 15, and ClientAliveCountMax is left at the default, unresponsive ssh clients will be dis-
connected after approximately 45 seconds.Regards,
Paul
It's not a client side issue as I can connect to my work machines in our staging environments and it never disconnects me. I know that I could setup some kind of keep alive from my client but I'd rather have it done on the server side. I turned on TCPKeepAlive so we'll see if that resolves the issue. I have no idea how to deal with the Router/NAT in linux
.Thanks and I hope this information is useful for other users.