Blog

In this tutorial we will learn about how to increase SSH connection timeout in Linux. So, let’s start see step by step this process.

Sometimes SSH connection timeouts will be very irritating you. It will force you to re-initiate the connection and start all activity again.

To avoid such types of issue, we can easily increase SSH connection timeout limit and keep our SSH session alive even after some inactivity. This happens when either the server or the client sends null packets to the other system to keep the session alive.

For more details about ssh connection you can Click-Here

There are two options related to SSH inactivity in /etc/ssh/sshd_config file: –

• ClientAliveInterval
• ClientAliveCountMax

ClientAliveInterval: – The ClientAliveInterval parameter specifies the time in seconds that the server will wait before sending a null packet to the client system to keep the connection alive.

ClientAliveCountMax: – The ClientAliveCountMax parameter defines the number of client alive messages which are sent without getting any messages from the client. If this limit is reached then the messages are being sent, the sshd daemon will drop the session, effectively terminating the ssh session.

So, the timeout value is calculated by multiplying ClientAliveInterval with ClientAliveCountMax. Like below: –

timeout interval = ClientAliveInterval * ClientAliveCountMax

You can also find these two parameters meaning in the man page of ssh_config.

[root@urclouds-master ~]# man sshd_config
The list of available ciphers may also be obtained using "ssh -Q cipher".
ClientAliveCountMax Sets the number of client alive messages which may be sent without sshd(8) receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from TCPKeepAlive. The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive. The default value is 3. If ClientAliveInterval is set to 15, and ClientAliveCountMax is left at the default, unresponsive SSH clients will be discon‐ nected after approximately 45 seconds.
ClientAliveInterval Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client.

In this tutorial we will use 2 methods to increase 30 minutes SSH connection timeout. So, let’s start and see first methods.

Method 1

I am going to configure timeout value in the /etc/ssh/ssh_config file will below parameters.

After this changes we must restart our ssh services. So, let’s start our ssh service, with below commands.

[root@urclouds-master ~]# systemctl restart sshd
[root@urclouds-master ~]#

This configuration will make the session timeout in 30 minutes, as the ClientAliveCountMax value is multiplied by the ClientAliveInterval value.

Method 2

We can also set the ClientAliveCountMax value to 0 and ClientAliveInterval value to 30m to achieve this same. Like below: –

[root@urclouds-master ~]# vi /etc/ssh/sshd_config
AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts no
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
PermitTTY yes
PrintMotd yes
PrintLastLog yes
TCPKeepAlive yes
UseLogin no
UsePrivilegeSeparation sandbox
PermitUserEnvironment no
Compression delayed
ClientAliveInterval 30 #30 Minutes
ClientAliveCountMax 0 #0 Times
ShowPatchLevel no
UseDNS yes
PidFile /var/run/sshd.pid
MaxStartups 10:30:100
PermitTunnel no
ChrootDirectory none
VersionAddendum none

Now we must restart ssh service to effect these changes. So, let’s start ssh service.

[root@urclouds-master ~]# systemctl restart sshd
[root@urclouds-master ~]#

Difference between method 1 and method 2

These are miner difference between these two methods. For the first method, sshd will send messages, called Client Alive Messages here, through the encrypted channel to request a response from client if client is inactive for 15 minutes. The sshd daemon will send these messages max two times. If this threshold is reached while Client Alive Messages are being sent, sshd will disconnect the client.

But for the second method, sshd will not send client alive messages and terminate the session directly if client is inactive for 30 minutes.

That’s all in this tutorial we have seen how to increase SSH connection timeout in Linux.

You can also check this link

Network configuration after CentOS 7 minimal installation