How to disconnect idle SSH session? Linux terminate ssh session. Linux close SSH session. ssh idle timeout. keep idle ssh session active in Linux. disconnect idle ssh session timeout. ssh close session timeout. ssh timeout. ssh idle timeout Linux. Automatically disconnect idle ssh session Linux. Kill inactive ssh session automatically in Linux. Automatically disconnect idle ssh session in Linux. terminate inactive ssh session in Unix.

How to disconnect idle ssh session or keep idle ssh session active in Linux

What is an idle SSH session?

Here we mean that a ssh connection was made between a host and a client but there has been no activity on this connection by the user and is considered idle. Here although the ssh session is not in stuck state. You can list all the active ssh connections and then check the idle time for individual source host.

In this article I will share the trick to disconnect an idle SSH session automatically and also to avoid getting disconnected for an idle SSH session. In my last article I had shared the steps and examples to terminate an unresponsive SSH session in Linux.

The trick to disconnect idle SSH session is to use below two arguments with proper values to achieve both the scenario i.e. to disconnect an idle SSH session and also to make sure your SSH session does not gets disconnected when idle

  • ClientAliveInterval
  • ClientAliveCountMax

 

But before disconnecting any such ssh session it is also important to know the currently active SSH sessions on your Linux node.

From the man page

     ClientAliveCountMax
             Sets the number of client alive messages which may be sent without sshd(8) receiving any messages back from the client.  If this threshold is reached
             while client alive messages are being sent, sshd will disconnect the client, terminating the session.  It is important to note that the use of client
             alive messages is very different from TCPKeepAlive.  The client alive messages are sent through the encrypted channel and therefore will not be
             spoofable.  The TCP keepalive option enabled by TCPKeepAlive is spoofable.  The client alive mechanism is valuable when the client or server depend
             on knowing when a connection has become inactive.

             The default value is 3.  If ClientAliveInterval is set to 15, and ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds.

     ClientAliveInterval
             Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a message through the encrypted channel to request a response from the client.  The default is 0, indicating that these messages will not be sent to the client.

 

Disconnect idle SSH session

To disconnect idle SSH session make sure ClientAliveCountMax is 0. Because when is 0, sshd will not send client alive messages and terminate the session directly if client is inactive for time period as provided with ClientAliveInterval.

NOTE:
Change the value of ClientAliveCountMax on the client node instead of server side. Assuming you are doing SSH from node1node2 in that case apply these changes on node2 so that SSH connection from any node to node2 will get disconnected when idle more than defined time.

Look out for the current assigned value of ClientAliveCountMax in /etc/ssh/sshd_config on node2

NOTE:
It is possible that this variable does not exist in your sshd_config. It means that your sshd_config file is customised and no one has defined a value for ClientAliveCountMax. To get the default value of an unassigned variable, you must get the values of all the variables from sshd_config which you can view using “sshd -T“.
# sshd -T | grep -i client
clientaliveinterval 10
clientalivecountmax 1

Next assign a null value for ClientAliveCountMax in /etc/ssh/sshd_config on the client node which for me is node2

node2:~ # grep ClientAliveCountMax /etc/ssh/sshd_config
ClientAliveCountMax 0

Now we should also assign a time interval for which the session will be allowed to be active when idle. This can be defined using ClientAliveInterval again in the /etc/ssh/sshd_config file on my client node i.e. node2

node2:~ # grep ClientAliveInterval /etc/ssh/sshd_config
ClientAliveInterval 10

For the sake of this article I am giving 10 seconds as this interval period. You can change this value based on your requirement.

Restart the sshd service and check the status

node2:~ # systemctl restart sshd
node2:~ # systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-05-31 16:16:20 IST; 51s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 19792 (sshd)
   CGroup: /system.slice/sshd.service
           └─19792 /usr/sbin/sshd -D

May 31 16:16:20 node2 systemd[1]: Starting OpenSSH server daemon...
May 31 16:16:20 node2 sshd[19792]: Server listening on 192.150.20.2 port 22.
May 31 16:16:20 node2 sshd[19792]: Server listening on node2 port 22.
May 31 16:16:20 node2 systemd[1]: Started OpenSSH server daemon.

Next let us initiate the SSH session from node1 to node2

[root@node1 ~]# ssh -v root@node2

Monitor the idle SSH session on node2 using ‘w

[root@node2 ~]# w
 16:21:11 up  7:04,  2 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    10.0.2.2         09:17    7.00s  0.26s  0.01s w
root     pts/1    10.0.2.31        16:21    2.00s  0.03s  0.03s -bash

[root@node2 ~]# w
 16:21:14 up  7:04,  2 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    10.0.2.2         09:17    2.00s  0.26s  0.00s w
root     pts/1    10.0.2.31        16:21    5.00s  0.03s  0.03s -bash

[root@node2 ~]# w
 16:21:17 up  7:04,  2 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    10.0.2.2         09:17    5.00s  0.26s  0.00s w
root     pts/1    10.0.2.31        16:21    8.00s  0.03s  0.03s -bash

[root@node2 ~]# w
 16:21:19 up  7:04,  2 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    10.0.2.2         09:17    7.00s  0.26s  0.00s w
root     pts/1    10.0.2.31        16:21   10.00s  0.03s  0.03s -bash

[root@node2 ~]# w
 16:21:20 up  7:04,  1 user,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    10.0.2.2         09:17    0.00s  0.28s  0.02s w

As you see, after 10 seconds of idle ssh session from node1 to node2, the SSH session gets disconnected automatically. Below debug message is seen on my node1

[root@node2 ~]# debug1: channel 0: free: client-session, nchannels 1
Connection to node2 closed by remote host.
Connection to node2 closed.
Transferred: sent 2220, received 2412 bytes, in 10.4 seconds
Bytes per second: sent 213.8, received 232.3
debug1: Exit status -1
NOTE:
These debug messages are available because I had executed SSH in debug mode using “-v

So our idle SSH session gets disconnected automatically after waiting for 10 seconds.

 

Keep idle SSH session active (ClientAliveInterval & ClientAliveCountMax)

Now above I showed you the trick to make sure your idle SSH session gets automatically disconnected. Now if this is becoming a problem for you then you can increase the value of ClientAliveCountMax to a non-zero value.

Additionally you can also use TCPKeepAlive in your sshd_config on the client node.

From the man page of sshd_config:

     TCPKeepAlive
             Specifies whether the system should send TCP keepalive messages to the other side.  If they are sent, death of the connection or crash of one of the
             machines will be properly noticed.  However, this means that connections will die if the route is down temporarily, and some people find it annoying.
             On the other hand, if TCP keepalives are not sent, sessions may hang indefinitely on the server, leaving "ghost" users and consuming server
             resources.

             The default is yes (to send TCP keepalive messages), and the server will notice if the network goes down or the client host crashes.  This avoids in‐
             finitely hanging sessions.

             To disable TCP keepalive messages, the value should be set to no.

For the sake of this article I will use below values

[root@node2 ~]# vim /etc/ssh/sshd_config			 
ClientAliveInterval 5m  # 5 minutes 
ClientAliveCountMax 3   # 3 times

Here sshd will send messages, called Client Alive Messages, through the encrypted channel to request a response from client if client is inactive for 5 minutes. The sshd daemon will send these messages max three times. If this threshold is reached while Client Alive Messages are being sent, sshd will disconnect the idle ssh session on the client.

These values can also be used in combination with ServerAliveInterval and ServerAliveCountMax to automatically disconnect a hung or unresponsive SSH session.

Next restart the sshd service and check the status

[root@node2 ~]# systemctl restart sshd
[root@node2 ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-05-31 16:37:06 IST; 1s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 9866 (sshd)
    Tasks: 1
   CGroup: /system.slice/sshd.service
           └─9866 /usr/sbin/sshd -D

May 31 16:37:06 node2.example.com systemd[1]: Stopped OpenSSH server daemon.
May 31 16:37:06 node2.example.com systemd[1]: Starting OpenSSH server daemon...
May 31 16:37:06 node2.example.com sshd[9866]: Server listening on 0.0.0.0 port 22.
May 31 16:37:06 node2.example.com sshd[9866]: Server listening on :: port 22.
May 31 16:37:06 node2.example.com systemd[1]: Started OpenSSH server daemon.

 

Lastly I hope the steps from the article to disconnect idle SSH session or to avoid idle SSH session getting disconnected on Linux was helpful. So, let me know your suggestions and feedback using the comment section.

 

References:
Fix “Putty session keeps disconnecting when idle”

 

Leave a Reply

Your email address will not be published. Required fields are marked *