SSH Session Inactivity Configuration?
Solution 1
I'm using export TMOUT=3600 in my ~/.bashrc to close an inactive session after 1 hour.
Solution 2
Most of what you are setting look tcp settings. You need to tell your shell to log you out. The comment about setting TMOUT=3600 for an hour is one that I have scored up. You may want to put this in the global profile (/etc/profile)
tcp keepalives are all to do with how often packets are sent to keep a tcp session active. eg if there was not traffic for a minute and the tcp keep alive was set to 60 seconds then a keep alive packet would be sent to keep the session active. This is a reasonable set of descriptions of the various tcp variables
Solution 3
I've got ClientAliveInterval 600 ClientAliveCountMax 0 and it works
Related videos on Youtube
13 : 55
04 : 11
01 : 14
06 : 48
03 : 26
Dizzle
Updated on September 17, 2022Comments
-
Dizzle over 1 year
I'm trying to zero in on the exact option, or combination of options, that will force each SSH session to be terminated when inactive for a specified time. I'm using Putty to SSH to a RHEL AS3 server; keepalives are set to "off" (0) for Putty, and keepalives are commented-out in the ssh_config and sshd_config files.
I've Google-bounced to different places, and I've found some tidbits on ServerFault, but I'm hoping to find a "concrete" solution. I've tried modifying the /etc/ssh/sshd_config file by adding this:
ClientAliveInterval 15 ClientAliveCountMax 1
(It's set at 15 seconds for testing)
Then restarted SSH:
/sbin/service sshd restart
But no luck; the session never timed out (checked back after 23 minutes). I also tried modifying the "keepalive" kernel parameters:
% echo "60" > /proc/sys/net/ipv4/tcp_keepalive_time (default was 7200)
% echo "1" > /proc/sys/net/ipv4/tcp_keepalive_probes (default was 9)
% echo "5" > /proc/sys/net/ipv4/tcp_keepalive_intvl (default was 75)
But the session remained active (checked back after 8 minutes). Any help on what piece of the puzzle I'm missing would be greatly appreciated. Thanks!
--- DT
-
Dizzle almost 15 yearsThanks Jure, but I tried your settings and it didn't time out. -- D
-
Dizzle almost 15 yearsI found that just after posting this, but sshd screamed at me during the restart attempt ("bad option"), and when I changed back to the original sshd_config and attempted another sshd restart, I was booted off. I actually had to go to the console to start sshd up again. I quick-scanned a forum/blog that mentioned specific distros that work with IdleTimeOut?
-
Dizzle almost 15 yearsJust saw your edited reply; I definitely want to do something server-side, so I'll make a more concerted effort to find an IdleTimeOut setting compatible with my setup. I did try longer keepalive settings, per Jure above, but no luck. Thanks James!
-
ThorstenS almost 15 yearsdid you restart the sshd after this and reconnected? otherwise the old config is used for this connection.
-
Dizzle almost 15 yearsThis is great information James, especially the TCP variables link. You were able to describe what I was slowly trying to peel apart in my head, but several of the links I came across kept mentioning the idle timeout and keepalives as if they were the same thing. Thanks for your help!
-
Dizzle almost 15 yearsJust started reading the link you sent; this tool looks great so far, I'll start playing with it this week. Thanks!
-
Dizzle almost 15 yearsMy apologies Jure/Thorsten, I retried and it worked. Hmmm...I was sure that I'd logged out/in after restarting sshd, but maybe not. I think I was bouncing around too much and not fully understanding the different pieces. Thanks to both of you; between this, TMOUT, and the idled suggestion below, I think I'm well equipped now.
-
ThorstenS almost 15 yearsoh fine, you are welcome :)
