How to disconnect idle SSH session? Linux terminate ssh session. Linux SSH close connection after sometime. ssh idle timeout. keep idle ssh session active in Linux. disconnect idle ssh session timeout. ssh close session timeout. ssh timeout. ssh idle timeout Linux. Autodisconnect idle ssh session Linux. Kill inactive ssh session automatically in Linux. Automatically disconnect idle ssh session in Linux. terminate inactive ssh session in Unix. ssh close connection after time. how to disconnect from ssh
What is an idle SSH session?
Here we mean that a ssh connection was made between a host and a client but there has been no activity on this connection by the user and is considered idle. Here although the ssh session is not in stuck state. You can list all the active ssh connections and then check the idle time for individual source host.
In this article I will share the trick to disconnect an idle SSH session automatically and also to avoid getting disconnected for an idle SSH session. In my last article I had shared the steps and examples to terminate an unresponsive SSH session in Linux.
The trick to disconnect idle SSH session is to use below two arguments with proper values to achieve both the scenario i.e. to disconnect an idle SSH session and also to make sure your SSH session does not gets disconnected when idle
But before disconnecting any such ssh session it is also important to know the currently active SSH sessions on your Linux node. There are various ssh authentication methods using which you can connect to Linux nodes with or without password depending upon your requirement.
From the man page
ClientAliveCountMax Sets the number of client alive messages which may be sent without sshd(8) receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from TCPKeepAlive. The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive. The default value is 3. If ClientAliveInterval is set to 15, and ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. ClientAliveInterval Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client.
Disconnect idle SSH session (ssh close connection after sometime)
To disconnect idle SSH session i.e. to ssh close connection after some time make sure
ClientAliveCountMax is 0. Because when is 0, sshd will not send client alive messages and ssh close connection after sometime if client is inactive for time period as provided with
ClientAliveCountMaxon the client node instead of server side to ssh close connection after sometime. Assuming you are doing SSH from node1 → node2 in that case apply these changes on
node2so that SSH connection from any node to
node2will get disconnected when idle more than defined time.
Look out for the current assigned value of
/etc/ssh/sshd_config on node2
sshd_config. It means that your
sshd_configfile is customised and no one has defined a value for
ClientAliveCountMax. To get the default value of an unassigned variable, you must get the values of all the variables from
sshd_configwhich you can view using "
# sshd -T | grep -i client clientaliveinterval 10 clientalivecountmax 1
Next assign a null value for
/etc/ssh/sshd_config on the client node which for me is
node2:~ # grep ClientAliveCountMax /etc/ssh/sshd_config ClientAliveCountMax 0
Now we should also assign a time interval for which the session will be allowed to be active when idle. This can be defined using
ClientAliveInterval again in the
/etc/ssh/sshd_config file on my client node i.e. node2
node2:~ # grep ClientAliveInterval /etc/ssh/sshd_config ClientAliveInterval 10
For the sake of this article I am giving 10 seconds as this interval period. You can change this value based on your requirement.
Restart the sshd service and check the status
node2:~ # systemctl restart sshd
node2:~ # systemctl status sshd ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2019-05-31 16:16:20 IST; 51s ago Docs: man:sshd(8) man:sshd_config(5) Main PID: 19792 (sshd) CGroup: /system.slice/sshd.service └─19792 /usr/sbin/sshd -D May 31 16:16:20 node2 systemd: Starting OpenSSH server daemon... May 31 16:16:20 node2 sshd: Server listening on 18.104.22.168 port 22. May 31 16:16:20 node2 sshd: Server listening on node2 port 22. May 31 16:16:20 node2 systemd: Started OpenSSH server daemon.
Next let us initiate the SSH session from node1 to node2
[root@node1 ~]# ssh -v root@node2
Monitor the idle SSH session on
node2 using '
w' to make sure ssh close connection after some time when idle
[root@node2 ~]# w 16:21:11 up 7:04, 2 users, load average: 0.00, 0.01, 0.05 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 10.0.2.2 09:17 7.00s 0.26s 0.01s w root pts/1 10.0.2.31 16:21 2.00s 0.03s 0.03s -bash [root@node2 ~]# w 16:21:14 up 7:04, 2 users, load average: 0.00, 0.01, 0.05 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 10.0.2.2 09:17 2.00s 0.26s 0.00s w root pts/1 10.0.2.31 16:21 5.00s 0.03s 0.03s -bash [root@node2 ~]# w 16:21:17 up 7:04, 2 users, load average: 0.00, 0.01, 0.05 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 10.0.2.2 09:17 5.00s 0.26s 0.00s w root pts/1 10.0.2.31 16:21 8.00s 0.03s 0.03s -bash [root@node2 ~]# w 16:21:19 up 7:04, 2 users, load average: 0.00, 0.01, 0.05 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 10.0.2.2 09:17 7.00s 0.26s 0.00s w root pts/1 10.0.2.31 16:21 10.00s 0.03s 0.03s -bash [root@node2 ~]# w 16:21:20 up 7:04, 1 user, load average: 0.00, 0.01, 0.05 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 10.0.2.2 09:17 0.00s 0.28s 0.02s w
As you see, after 10 seconds of idle ssh session from node1 to node2, the SSH close connection after sometime automatically. Below debug message is seen on my node1
[root@node2 ~]# debug1: channel 0: free: client-session, nchannels 1 Connection to node2 closed by remote host. Connection to node2 closed. Transferred: sent 2220, received 2412 bytes, in 10.4 seconds Bytes per second: sent 213.8, received 232.3 debug1: Exit status -1
So our idle SSH session gets disconnected automatically after waiting for 10 seconds.
Keep idle SSH session active (ClientAliveInterval & ClientAliveCountMax)
Now above I showed you the trick to make sure your idle SSH session gets automatically disconnected. Now if this is becoming a problem for you then you can increase the value of
ClientAliveCountMax to a non-zero value.
Additionally you can also use
TCPKeepAlive in your
sshd_config on the client node.
From the man page of sshd_config:
TCPKeepAlive Specifies whether the system should send TCP keepalive messages to the other side. If they are sent, death of the connection or crash of one of the machines will be properly noticed. However, this means that connections will die if the route is down temporarily, and some people find it annoying. On the other hand, if TCP keepalives are not sent, sessions may hang indefinitely on the server, leaving "ghost" users and consuming server resources. The default is yes (to send TCP keepalive messages), and the server will notice if the network goes down or the client host crashes. This avoids in‐ finitely hanging sessions. To disable TCP keepalive messages, the value should be set to no.
For the sake of this article I will use below values
[root@node2 ~]# vim /etc/ssh/sshd_config ClientAliveInterval 5m # 5 minutes ClientAliveCountMax 3 # 3 times
Here sshd will send messages, called Client Alive Messages, through the encrypted channel to request a response from client if client is inactive for 5 minutes. The sshd daemon will send these messages max three times. If this threshold is reached while Client Alive Messages are being sent, sshd will disconnect the idle ssh session on the client.
These values can also be used in combination with
ServerAliveCountMax to automatically disconnect a hung or unresponsive SSH session.
Next restart the sshd service and check the status
[root@node2 ~]# systemctl restart sshd
[root@node2 ~]# systemctl status sshd ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2019-05-31 16:37:06 IST; 1s ago Docs: man:sshd(8) man:sshd_config(5) Main PID: 9866 (sshd) Tasks: 1 CGroup: /system.slice/sshd.service └─9866 /usr/sbin/sshd -D May 31 16:37:06 node2.example.com systemd: Stopped OpenSSH server daemon. May 31 16:37:06 node2.example.com systemd: Starting OpenSSH server daemon... May 31 16:37:06 node2.example.com sshd: Server listening on 0.0.0.0 port 22. May 31 16:37:06 node2.example.com sshd: Server listening on :: port 22. May 31 16:37:06 node2.example.com systemd: Started OpenSSH server daemon.
Lastly I hope the steps from the article to disconnect idle SSH session, ssh close connection after sometime or to avoid idle SSH session getting disconnected on Linux was helpful. So, let me know your suggestions and feedback using the comment section.