Keeping SSH from disconnecting automatically

For work, I often develop on a remote Linux box that I SSH into. Now, as a web developer, one of the big advantages of interpreted languages is that there are no big compile steps to wait for.

One of the big disadvantages is that nothing exciting is happening when you take a break (no sword fights, for example). The screen is just sitting there. Unfortunately, OpenSSH servers in their default settings take this silence as a perfect excuse to cut the cord after 5 minutes.

If that happens a lot during the day, this can be pretty annoying! But fear not, dear reader. On a Redhat-like system, you want to edit /etc/ssh/sshd_config and add the following line (note: only the second line is needed, read below):

TCPKeepAlive yes
ClientAliveInterval 60

Restart the SSH server, and it shall henceforth not punish you for prolonged periods of silence anymore. :)

Update: Two of my readers pointed out interesting things. First, Sancus mentioned that TCPKeepAlive is different from ClientAliveInterval and serves a different purpose. To avoid your connection dropping, the latter is likely to be the better option.

Jeff says, if you set this in the ~/.ssh/config file on your client, you’ll achieve the same effect without the need to modify the server settings:

Host *
ServerAliveInterval 300

This is obviously a highly charming alternative because more often than not, you are won’t have (write) access to your server’s sshd_config.



October 21st, 2009

Permalink | 6 Comments

Categories: Tech Talk | Tags: ,

«
»

6 Responses to “Keeping SSH from disconnecting automatically”

  1. Awesome. I’ve been wanting this for a while now, but was always too lazy to look up how to do it. Thanks!

    1 Paul C on October 21st, 2009 at 7:29 pm

  2. My ~/.ssh/config starts with this:

    Host *
    ServerAliveInterval 300

    So my client does the KeepAlive for all connections, no matter how the server is configured.

    2 Jeff Balogh on October 21st, 2009 at 8:19 pm

  3. TCPKeepAlive and ClientAliveInterval are actually separate methods of keeping connections alive. ClientAliveInterval is a secure method, and TCPKeepAlive is not. Basically, this works without the TCPKeepAlive yes and if you’re using it you should probably turn TCPKeepAlive off.

    From man sshd_config:
    “It is important to note that the use of client alive messages is very different from TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.”

    3 Sancus on October 21st, 2009 at 8:42 pm

  4. Jeff: Very interesting, thanks!

    Sancus: Makes sense. Maybe I should have Read The Fine Manual more thoroughly. I will update the post with both your suggestions.

    4 Fred on October 21st, 2009 at 9:26 pm

  5. Most Red Hat systems I’ve used (and as a sysadmin I’ve used a lot) default to not having a timeout in openssh. 95% of the time when you’re running into this it’s your router at home that’s cutting you off. Most DSL/cable routers will kill off idle TCP connections after 5 to 10 minutes by default. I know this is the case with the default firmware on most Linksys branded routers (because I have a couple of them). Most of the third party firmware you can get for those things has that “feature” disabled though. :)

    5 Dave Miller on October 22nd, 2009 at 11:03 am

  6. Dave: Thanks! While the SSH settings will keep this from happening by keeping the connection alive, it didn’t come to my mind that it might be the router exerting its force over me ;) Great “feature”, I must say. But I guess they do it in order to avoid running out of their highly limited resources if half-open connections keep piling up.

    6 Fred on October 22nd, 2009 at 11:14 am

Leave a Reply