How to Keep Alive SSH Sessions

Many NAT firewalls time out idle sessions after a certain period of time to keep their trunks clean. Sometimes the interval between session drops is 24 hours, but on many commodity firewalls, connections are killed after as little as 300 seconds. To avoid having your SSH sessions become unresponsive after e.g. 5 minutes, do the following:

On Windows (PuTTY)

In your session properties, go to Connection and under Sending of null packets to keep session active, set Seconds between keepalives (0 to turn off) to e.g. 300 (5 minutes).

On Linux (ssh)

To enable the keep alive system-wide (root access required), edit/etc/ssh/ssh_config; to set the settings for just your user, edit~/.ssh/config (create the file if it doesn’t exist). Insert the following:

Host *

    ServerAliveInterval 300

    ServerAliveCountMax 2

You can also make your OpenSSH server keep alive all connections with clients by adding the following to /etc/ssh/sshd_config:

TCPKeepAlive yes
ClientAliveInterval 300

ClientAliveCountMax 2

These settings will make the SSH client or server send a null packet to the other side every 300 seconds (5 minutes), and give up if it doesn’t receive any response after 2 tries, at which point the connection is likely to have been discarded anyway.

From the ssh_config man page:

ServerAliveCountMax
Sets the number of server alive messages (see below) which may be sent without ssh(1) receiving any messages back from the server. If this threshold is reached while server alive messages are being sent, ssh will disconnect from the server, terminating the session. It is important to note that the use of server alive messages is very different from TCPKeepAlive (below). The server alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The server alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.

The default value is 3. If, for example, ServerAliveInterval (see below) is set to 15 and ServerAliveCountMax is left at the default, if the server becomes unresponsive, ssh will disconnect after approximately 45 seconds. This option applies to protocol version 2 only; in protocol version 1 there is no mechanism to request a response from the server to the server alive messages, so disconnection is the responsibility of the TCP stack.

ServerAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the server, ssh(1) will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server, or 300 if the BatchMode option is set. This option applies to protocol version 2 only. ProtocolKeepAlives and SetupTimeOut are Debian-specific compatibility aliases for this option.

How to Keep Alive SSH Sessions的更多相关文章

  1. setting>SSH>sessions setting>勾选ssh Keepalive[ MobaXterm】设置保持SSH连接

    [ MobaXterm]设置保持SSH连接 ssh远程连接会在无操作时自动断开连接.为了保持程序运行和连接,需要设置保持连接. 1.MobaXterm如果使用了MobaXterm客户端,那么需要在设置 ...

  2. Linux UserSpace Back-Door、Rootkit SSH/PAM Backdoor Attack And Defensive Tchnology

    catalog . 引言 . Pam后门 . SSH后门 . Hijacking SSH . Hijacking SSH By Setup A Tunnel Which Allows Multiple ...

  3. SSH Tunneling Explained

    转载: http://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/ March 21, 2012 by Buddhi ...

  4. Java ssh 访问windows/Linux

     Java ssh 访问windows/Linux 工作中遇到的问题: Java code运行在一台机器上,需要远程到linux的机器同时执行多种命令.原来采用的方法是直接调用ssh命令或者调用pli ...

  5. Cisco 学会使用Telnet、SSH

    实验目的:通过控制R1 后 , TELNET 到R2(12.1.1.2),R3(13.1.1.3)对R2,R3 进行远程管理. 在R1 上配置: R1#telnet 12.1.1.2 //从R1 TE ...

  6. java linux ssh jar

    Ganymed SSH-2 for Java http://www.ganymed.ethz.ch/ssh2/ Ganymed SSH-2 for Java is a library which im ...

  7. 转:linux 修改sftp服务默认提供者sshd的session timeout

    ssh连接超时问题解决方案: 1.修改server端的etc/ssh/sshd_config ClientAliveInterval 60 #server每隔60秒发送一次请求给client,然后cl ...

  8. Linux Overflow Vulnerability General Hardened Defense Technology、Grsecurity/PaX

    Catalog . Linux attack vector . Grsecurity/PaX . Hardened toolchain . Default addition of the Stack ...

  9. 网卡驱动引起openstack的mtu问题

    一套Pike版本的openstack测试环境,使用vlan模式的网络,数据网网卡使用的是绿联的usb百兆网卡,遇到了虚拟机网络异常的问题.同一个vlan下,不同宿主机上的两台虚拟机,相互之间可以pin ...

随机推荐

  1. 【verilog】fdisplay中如何保存有符号形式

    2014-01-02 10:10:29 参考:http://xilinx.eetop.cn/viewthread-275584 使用系统任务$signed,如 $fdisplay(fp, " ...

  2. [HDOJ5667]Sequence(矩阵快速幂,费马小定理)

    题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=5667 费马小定理: 假如p是质数,且gcd(a,p)=1,那么 a^(p-1)≡1(mod p). 即 ...

  3. hdu 1520 Anniversary party || codevs 1380 树形dp

    Anniversary party Time Limit: 2000/1000 MS (Java/Others)    Memory Limit: 65536/32768 K (Java/Others ...

  4. Javascript学习-闭包

    看的这篇 http://www.ruanyifeng.com/blog/2009/08/learning_javascript_closures.html 各种专业文献上的"闭包" ...

  5. jquery.datatable插件从数据库读取数据

    一.分页 分页的基本思想是根据datatable的页码及每页显示的行数,将数据从数据库分段提出,然后再填充到表格中,以达到分页的效果. 这里需要用到datatable插件的几个属性: "sE ...

  6. networking常用命令

    nc -l 3000 将开一个临时的3000端口并且侦听,用于测试

  7. js之json

    关于json不了解的,请点击:http://www.json.org/json-zh.html json对象的属性必须要用双引号,值为字符串类型也只能使用双引号,例:{"name" ...

  8. JS面向对象组件 -- 继承的其他方式(类式继承、原型继承)

    继承的其他形式: •类式继承:利用构造函数(类)继承的方式 •原型继承:借助原型来实现对象继承对象   类 : JS是没有类的概念的 , 把JS中的构造函数看做的类 要做属性和方法继承的时候,要分开继 ...

  9. zabbix (2.0.6) 历史记录处乱码

    1.首先备份数据库 mysqldump -uroot -p123456 zabbix > zabbix.sql 2.设置字符 sed -i 's/latin1/utf8/g' zabbix.sq ...

  10. poj 3254(状态压缩基础题)

    题意:就是你给一个n行m列的矩阵,矩阵里的元素由0和1组成,1代表肥沃的土地可以种植作物,0则不可以种植作物,并且相邻的土地不能同时种植作物,问你有多少种种植方案. 分析:这是我做的第一道状态压缩dp ...