Tuesday, June 14, 2011

Keeping OpenSSH from disconnecting

Sometimes whille connecting to another remote server via, there is this unplesant disconnection. How do we deal with it. You have to look at OpenSSH configuration


# /etc/ssh/sshd_config

ClientAliveInterval 15
ClientAliveCountMax 3

From the man page from ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been    received from the client, sshd will send a message through the encrypted channel to request a response from the client.  The default
is 0, indicating that these messages will not be sent to the client.  This option applies to protocol version 2 only.


ClientAliveCountMax
Sets the number of client alive messages (see above) which may be sent without sshd receiving any messages back from the client. If this threshold is reached while client alive messages are being
sent, sshd will disconnect the client, terminating the session.


If ClientAliveInterval (above) is set to 15, and ClientAliveCountMax is left 3, unresponsive ssh clients will be disconnected after approximately 45 seconds.

Do note that the ClientAlive messages are sent through the encrypted channel. On the other hand, The TCPKeepAlive Messages is not sent through encrypted Channel and thus spoofable.

No comments: