Changing SSH Timeout

Discussion in 'The Lounge' started by guru_ck, Apr 27, 2007.

  1. guru_ck

    guru_ck New Member

    Hey Guys,

    How do I change the standard timeout time for SSH? Currently it seems to be around 2 minutes. I'd like to change it from the server side, not the client side. When I connect to our boxes at work SSH never times out.
     
  2. Caleb

    Caleb McDonald's Drywall Expert

    Edit your ssh_config file (usually found in /etc/ssh/ssh_config)

    to include 'ConnectTimeout 0'

    without the quotes


    -Caleb
     
  3. guru_ck

    guru_ck New Member

    No go:

    [[email protected] ~]# sudo /sbin/service sshd start
    Starting sshd:/etc/ssh/sshd_config: line 115: Bad configuration option: ConnectTimeout
    /etc/ssh/sshd_config: terminating, 1 bad configuration options
    [FAILED]
     
  4. guru_ck

    guru_ck New Member

  5. KH-Paul

    KH-Paul CTO Staff Member

    There is no ConnectTimeout option according to "man sshd_config", which is why it isn't recognized.
    With 2 minute timeout, are you referring to the login timeout (i.e. the time between when the connection is established and a valid username / password is entered) or to something else? If you're referring to the login timeout, then the correct option name would be "LoginGraceTime"; here is a copy & paste from "man sshd_config":

    Regards,
    Paul
     
  6. guru_ck

    guru_ck New Member

    Hi Paul - I'm referring to the ssh session getting disconnected when my SecureCRT client is idle. It seems to be very short right now, like 2 minutes. I'd like to extend it to around 120 minutes. When I'm getting disconnected I am already logged in and at the prompt. TIA.
     
  7. guru_ck

    guru_ck New Member

    Seems like I need to set up one of these... just not sure what I should set the variables to:

    ClientAliveInterval
    Sets a timeout interval in seconds after which if no data has been received from the client, sshd will send a message
    through the encrypted channel to request a response from the client. The default is 0, indicating that these
    messages will not be sent to the client. This option applies to protocol version 2 only.

    ClientAliveCountMax
    Sets the number of client alive messages (see above) which may be sent without sshd receiving any messages back from
    the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the
    client, terminating the session. It is important to note that the use of client alive messages is very different
    from TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not
    be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valuable
    when the client or server depend on knowing when a connection has become inactive.

    The default value is 3. If ClientAliveInterval (above) is set to 15, and ClientAliveCountMax is left at the
    default, unresponsive ssh clients will be disconnected after approximately 45 seconds.

    TCPKeepAlive
    Specifies whether the system should send TCP keepalive messages to the other side. If they are sent, death of the
    connection or crash of one of the machines will be properly noticed. However, this means that connections will die
    if the route is down temporarily, and some people find it annoying. On the other hand, if TCP keepalives are not
    sent, sessions may hang indefinitely on the server, leaving "ghost" users and consuming server resources.

    The default is "yes" (to send TCP keepalive messages), and the server will notice if the network goes down or the
    client host crashes. This avoids infinitely hanging sessions.

    To disable TCP keepalive messages, the value should be set to "no".
     
  8. KH-Paul

    KH-Paul CTO Staff Member

    I bet this isn't related to sshd configuration - it doesn't kill connections after such a short period of time. I guess the connection gets terminated by your OS or your router/NAT device. Try to check the router configuration to find out if you can adjust the connection timeout there.
    I'm not very familiar with SecureCRT, but in PuTTY you can set up a keepalive timeout which will prevent the session from being killed by the OS / router. Alternatively, you may want to take a look at the following sshd options to initiate session keepalive packets from the server side. Please note that these options will affect every single ssh connection on your system.

    Code:
         ClientAliveInterval
                 Sets a timeout interval in seconds after which if no data has been received from the client, sshd will send a message through the encrypted channel to
                 request a response from the client.  The default is 0, indicating that these messages will not be sent to the client.  This option applies to protocol
                 version 2 only.
    
         ClientAliveCountMax
                 Sets the number of client alive messages (see above) which may be sent without sshd receiving any messages back from the client.  If this threshold is
                 reached while client alive messages are being sent, sshd will disconnect the client, terminating the session.  It is important to note that the use of
                 client alive messages is very different from TCPKeepAlive (below).  The client alive messages are sent through the encrypted channel and therefore will not
                 be spoofable.  The TCP keepalive option enabled by TCPKeepAlive is spoofable.  The client alive mechanism is valuable when the client or server depend on
                 knowing when a connection has become inactive.
    
                 The default value is 3.  If ClientAliveInterval (above) is set to 15, and ClientAliveCountMax is left at the default, unresponsive ssh clients will be
                 disconnected after approximately 45 seconds.
    
    
    Regards,
    Paul
     
  9. guru_ck

    guru_ck New Member

    It's not a client side issue as I can connect to my work machines in our staging environments and it never disconnects me. I know that I could set up some kind of keep alive from my client but I'd rather have it done on the server side. I turned on TCPKeepAlive so we'll see if that resolves the issue. I have no idea how to deal with the Router/NAT in Linux :).

    Thanks and I hope this information is useful for other users.
     
  10. guru_ck

    guru_ck New Member

    Doh, the TCPKeepAlive didn't fix it. It just disconnected me :(. And yeah, I did /etc/init.d/sshd restart first.
     
  11. guru_ck

    guru_ck New Member

    Ok guys I think I got it.

    Leave TCPKeepAlive commented out.

    Uncomment:
    ClientAliveInterval 3600
    ClientAliveCountMax 1

    ClientAliveInterval x ClientAliveCountMax = total amount of time before your session is disconnected. 1 hour in the example above.
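
An added example (not part of any post in this thread, and not OpenSSH code): a small Python check of an sshd_config for the settings tried above. It flags client-only keywords such as ConnectTimeout, computes the ClientAliveInterval x ClientAliveCountMax cutoff that the quoted man page describes for unresponsive clients, and compares the probe interval with an idle drop on a NAT device or firewall. The 120-second idle drop, the function names and the sample config are assumptions made for illustration.

```python
# Added example: audit sshd_config text for the keepalive settings tried in this thread.
# Keywords that belong in the client's ssh_config; sshd rejects them as bad options.
CLIENT_ONLY = {"connecttimeout", "serveraliveinterval", "serveralivecountmax"}
DEFAULTS = {"clientaliveinterval": "0", "clientalivecountmax": "3", "tcpkeepalive": "yes"}

def parse_sshd_config(text):
    """Return (settings, misplaced) for the global section of an sshd_config."""
    settings, misplaced = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":          # per-user/host overrides are out of scope here
            break
        if key in CLIENT_ONLY:
            misplaced.append((lineno, parts[0]))
            continue
        # sshd keeps the first value it sees for a keyword
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings, misplaced

def keepalive_report(settings, idle_drop_s):
    """idle_drop_s: assumed idle timeout of a NAT/firewall on the path, in seconds."""
    cfg = {**DEFAULTS, **settings}
    interval = int(cfg["clientaliveinterval"])   # plain seconds only in this sketch
    count = int(cfg["clientalivecountmax"])
    return {
        "probes_enabled": interval > 0,
        # time until sshd drops a client that has stopped answering probes
        "unresponsive_cutoff_s": interval * count if interval > 0 else None,
        # an idle but healthy session only stays in the NAT table if a probe
        # crosses the link before the device forgets the connection
        "probe_beats_idle_drop": 0 < interval < idle_drop_s,
    }

# Constructed sample, modelled on the settings posted above.
SAMPLE = """\
#TCPKeepAlive yes
ClientAliveInterval 3600
ClientAliveCountMax 1
ConnectTimeout 0
"""

if __name__ == "__main__":
    settings, misplaced = parse_sshd_config(SAMPLE)
    print("client-only keywords in sshd_config:", misplaced)
    print(keepalive_report(settings, idle_drop_s=120))
```

After editing the real file, `sshd -t` makes sshd validate the configuration before the service is restarted.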
     
  12. guru_ck

    guru_ck New Member

    I spoke too soon again... it disconnected me. If anyone else is having this issue let me know. I give up for now.
     
  13. Caleb

    Caleb McDonald's Drywall Expert

    I would also like to know a solution for this. It seems I only have this issue with knownhost. I get disconnected fairly quickly.


    -Caleb
     
  14. guru_ck

    guru_ck New Member

    It seems to only happen when I access an ssh session outside of our network at the Office. When I connect from home it is fine.
     
