SSH session timeout

Date published: February 18th, 2008
Posted in FreeBSD Jails, SSH | 2 Comments ยป

Have you ever noticed that on some Internet connections, ssh sessions will drop for no reason other than a lack of activity? I have noticed this when using ssh from some open access points and friends houses. The reason isn’t a poor internet connection but actually a poor router. Most home/office routers perform NAT to connect users on a private network to the public Internet. The router must keep table open of what connections are active, connecting local IP addresses to remote servers. The problem is that if a TCP session (such as ssh) doesn’t send data after awhile, the router will think it timed out and remove it from its NAT connections table. This results in a dropped ssh connection.

To workaround this, you can setup a keepalive on your ssh connection. The keepalive will send a heartbeat check between the client and server, so the session stays active and doesn’t look dormant. You can configure this in the Windows client, putty, or you can configure it in opensshd on your FreeBSD vps.

To set this up, edit /etc/ssh/sshd_config on your VPS or server and add:

ClientAliveInterval 300
ClientAliveCountMax 3

This will have sshd send a heartbeat every 5 minutes (300 seconds) and allow for up to 3 missed heartbeat responses before considering the session dead.

You must then restart sshd to apply the settings:

/etc/rc.d/sshd restart

Cheers

2 thoughts on “SSH session timeout

Leave a Reply

Your email address will not be published. Required fields are marked *