Many NAT firewalls or VPN server time out idle sessions after a certain period of time to keep their trunks clean. Sometimes the interval between session drops is 24 hours, but on many commodity firewalls, connections are killed after as little as 300 seconds, and this can be a problem if you are working on a remote machine and suddenly you find yourself logged out with a message “Connection reset by peer”.
In a former article I’ve presented autossh, a solution that comes to your help when you want to be sure that a SSH connection stay always on between 2 machines. Autossh is a simple program that allows you to run an instance of ssh, keep it under control, and restart the same instance once that the connection is dropped up to a maximum number of times controlled by an environment variable.
This is useful if you need to have a “permanent” connection between 2 machines, but perhaps you just need to have a connection between your personal computer and different servers, and in these cases autossh is less useful, so let’s see how to use some openssh options to keep our connection open.
With openssh it’s easy to keep a connection “alive” sending a packet every n seconds, this is controlled by 2 parameters: ServerAliveCountMax and ServerAliveInterval.
Sets the number of server alive messages (see below) which may be sent without ssh receiving any messages back from the server. If this threshold is reached while server alive messages are being sent, ssh will disconnect from the server, terminating the session. The server alive messages are sent through the encrypted channel and therefore will not be spoofable. The server alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.
The default value is 3. If, for example, ServerAliveInterval (see below) is set to 15 and ServerAliveCountMax is left at the default, if the server becomes unresponsive, ssh will disconnect after approximately 45 seconds. This option applies to protocol version 2 only.
Sets a timeout interval in seconds after which if no data has been received from the server, ssh(1) will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server, or 300 if the BatchMode option is set. This option applies to protocol version 2 only.
Set it client side
To enable the keep alive options system-wide (root access required), you should edit the file /etc/ssh/ssh_config and add these options:
Host * ServerAliveInterval 300 ServerAliveCountMax 3
As alternative you can also set the settings for just your user, editing the file (or create it if it doesn’t exist) ~/.ssh/config , the options are exactly the same.
Set it server side
You can also make your OpenSSH server keep alive all connections with clients by adding the following to the file /etc/ssh/sshd_config:
ServerAliveInterval 300 ServerAliveCountMax 3
These settings will make the SSH client or server send a null packet to the other side every 300 seconds (5 minutes), and give up if it doesn’t receive any response after 3 tries, at which point the connection is likely to have been discarded anyway.
- An introduction to systemd for CentOS 7
- Linux Games: Sanctum 2
- What goes around comes around: nearly half of DDoS attacked companies are hit twice or more
- Linux Terminal: An lsof Primer
- How to check if you are vulnerable to shellshock
Find me on Google+