How to Keep Alive SSH Sessions in Linux? [SOLVED]

Table of Contents

In today's fast-paced digital world, managing remote servers and ensuring seamless connectivity have become critical tasks for developers and system administrators. One of the most widely used tools for remote server management is the Secure Shell (SSH) protocol. However, maintaining an uninterrupted SSH session can sometimes prove challenging, as idle sessions often get disconnected due to various factors, such as network issues or server settings. In this article, we will explore how to keep SSH sessions alive in Linux, ensuring that your connection remains stable and active even during periods of inactivity. By following the techniques and tips outlined in this guide, you will be able to enhance your productivity, reduce the risk of data loss, and experience a smoother workflow while working with remote Linux servers. So, let's dive in and learn how to keep your SSH sessions up and running without any interruptions.

Keep Alive SSH Sessions in Linux

Keep Alive SSH Sessions refer to the practice of maintaining an active and uninterrupted SSH connection between a client and a server, even during periods of inactivity. This is particularly useful when working with remote servers for extended durations, as it helps prevent the SSH session from timing out or getting disconnected due to network issues or server settings.

In the context of sshd (the SSH server daemon), keep-alive configurations can be adjusted to ensure that the SSH connection remains active. These settings can be modified in the sshd_config file, which is typically located in the /etc/ssh directory.

There are two primary settings to consider when configuring Keep Alive SSH Sessions in sshd:

TCPKeepAlive: This setting controls the use of the underlying TCP protocol's keep-alive mechanism. When enabled (set to 'yes'), the SSH server will send periodic keep-alive packets to the client to maintain the connection. However, these packets may not be reliable as they can be dropped by firewalls or routers. The default value for this setting is 'yes'.
ClientAliveInterval and ClientAliveCountMax: These settings work together to implement an application-level keep-alive mechanism that is more reliable compared to TCP keep-alive packets. ClientAliveInterval defines the time interval (in seconds) between keep-alive packets sent from the server to the client. If the client does not respond to a keep-alive packet, the server will continue sending these packets until the maximum number specified in ClientAliveCountMax is reached. If the client still doesn't respond after reaching this limit, the server will close the connection.

ALSO READ: Top 5 Best Practices for Containerized Deployments

Using TCPKeepAlive

TCPKeepAlive is a setting in the SSH server configuration that controls the usage of the TCP protocol's built-in keep-alive mechanism. This mechanism is designed to maintain the connectivity between two devices in a network by periodically sending keep-alive packets to verify that the connection is still active. If one of the devices stops responding, the other will eventually close the connection, considering it as dead.

In the context of SSH, enabling TCPKeepAlive helps maintain an active and uninterrupted SSH session between the client and the server, particularly during periods of inactivity. However, the TCP keep-alive mechanism can be less reliable, as some firewalls or routers may drop these packets, leading to unintended disconnections.

To enable TCPKeepAlive in the SSH server, you need to modify the sshd_config file, which is usually located in the /etc/ssh directory. Open the file with your preferred text editor, and add or modify the following line:

Open the sshd_config file with a text editor:

$ sudo vi /etc/ssh/sshd_config

#TCPKeepAlive yes

remove the # at the beginning of the line:

TCPKeepAlive yes

Then save the file and exit. Restart the sshd service for the settings to take effect:

$ sudo systemctl restart sshd

After the changes you have made in the sshd_config file, ssh connections will be kept alive.

Example:

Consider a scenario where an SSH client is connected to an SSH server, and the user is idle for a certain period. With TCPKeepAlive enabled, the SSH server will send keep-alive packets to the client at regular intervals (defined by the system's TCP settings) to ensure the connection is still active. If the client does not respond to these packets, the server will continue to send them for a specific number of times or until a certain time limit is reached (defined by the system's TCP settings). If the client still doesn't respond, the server will eventually close the connection.

NOTE:

Using TCPKeepAlive alone might not be sufficient to maintain stable SSH sessions in all cases, as the packets can be dropped by network devices. To ensure a more reliable keep-alive mechanism, consider using the application-level keep-alive settings in the SSH server configuration, such as ClientAliveInterval and ClientAliveCountMax, which are designed specifically for maintaining SSH connections.

ALSO READ: 10 easy steps to move directory to another partition RHEL/CentOS 7/8

Using ClientAliveInterval and ClientAliveCountMax

ClientAliveInterval and ClientAliveCountMax are two settings in the SSH server configuration that work together to implement an application-level keep-alive mechanism. This mechanism is more reliable compared to the TCP keep-alive mechanism, as it is specifically designed for maintaining SSH connections.

ClientAliveInterval: This setting defines the time interval (in seconds) between keep-alive packets sent from the server to the client. If the client does not respond to a keep-alive packet, the server will continue sending these packets at the specified interval.
ClientAliveCountMax: This setting defines the maximum number of keep-alive packets that the server will send to the client without receiving a response. If the client still doesn't respond after reaching this limit, the server will close the connection.

To configure these settings, you need to modify the sshd_config file, usually located in the /etc/ssh directory. Open the file with your preferred text editor and add or modify the following lines:

ClientAliveInterval 60
ClientAliveCountMax 5

In this example, the server will send a keep-alive packet to the client every 60 seconds. If the client does not respond, the server will continue to send keep-alive packets until it reaches the maximum of 5 unacknowledged packets. After that, the server will close the connection.

Example:

Consider a scenario where an SSH client is connected to an SSH server, and the user remains idle for an extended period. With ClientAliveInterval set to 60 and ClientAliveCountMax set to 5, the server will send a keep-alive packet to the client every 60 seconds. If the client does not respond, the server will send additional keep-alive packets at 60-second intervals. After sending a total of 5 keep-alive packets without receiving a response from the client, the server will close the connection.

What are ServerAliveInterval and ServerAliveCountMax?

ServerAliveInterval and ServerAliveCountMax are SSH client-side settings that help maintain an active and stable connection to the remote server during periods of inactivity. These settings implement an application-level keep-alive mechanism, which is more reliable than the TCP keep-alive mechanism.

ServerAliveInterval: This setting defines the time interval (in seconds) between keep-alive packets sent from the client to the server. If the server does not respond to a keep-alive packet, the client will continue sending these packets at the specified interval.
ServerAliveCountMax: This setting defines the maximum number of keep-alive packets that the client will send to the server without receiving a response. If the server still doesn't respond after reaching this limit, the client will close the connection.

ALSO READ: 6 ssh authentication methods to secure connection (sshd_config)

How to choose ServerAliveInterval Vs ClientAliveInterval option?

You should use ServerAliveInterval and ServerAliveCountMax options in situations where maintaining an active and stable SSH connection is crucial, and there's a risk of disconnection due to network issues or periods of inactivity. Examples include:

Long-running tasks or processes that require occasional user input
Unstable network connections that can cause the connection to drop
Network devices (firewalls, routers) that may close idle connections
Remote sessions where you need to ensure connectivity for an extended period

Keep in mind that these settings are client-side and should be used when you have control over the client configuration or when you are connecting to a remote server with unknown server-side settings.

On the other hand, ClientAliveInterval and ClientAliveCountMax are server-side settings that serve a similar purpose. These options are used when you have control over the server configuration and want to ensure active and stable SSH connections for all connected clients.

In summary, choose ServerAliveInterval and ServerAliveCountMax when configuring the client-side settings, and ClientAliveInterval and ClientAliveCountMax when configuring the server-side settings. Both pairs of settings help maintain stable SSH connections during periods of inactivity or network instability, but they target different sides of the connection (client or server).

If you don't have access to SSHD server, you can set the client-side options, which are ServerAliveInterval and ServerAliveCountMax. These options will achieve the same goal of maintaining an active SSH session by sending keep-alive packets from the client to the server.

To use these options directly with the SSH command, you can utilize the -o flag followed by the option and its value. Here's an example:

ssh -o ServerAliveInterval=60 -o ServerAliveCountMax=5 user@example.com

In this example, the client will send a keep-alive packet to the server every 60 seconds (ServerAliveInterval). If the server does not respond, the client will continue sending keep-alive packets until it reaches the maximum of 5 unacknowledged packets (ServerAliveCountMax). After that, the client will close the connection.

ALSO READ: Capture ssh & sshd strace logs [Step-by-Step]

Any performance impacts?

Using ServerAliveInterval, ClientAliveInterval, and their respective CountMax options can have some minor performance impacts, but they are generally negligible for most use cases.

Network overhead: Sending keep-alive packets consumes some network bandwidth. However, the packets are small and sent at a relatively low frequency, so the impact on network performance is minimal. In most cases, the benefits of maintaining a stable connection outweigh the minor network overhead.
CPU usage: Processing keep-alive packets consumes a small amount of CPU resources on both the client and server. Again, this impact is negligible for most scenarios, as the processing required for these packets is minimal.
Connection tracking: When these options are enabled, the SSH client and server will need to track connection states and manage timers for sending and receiving keep-alive packets. This may result in a minor increase in memory usage, but it is generally not a concern for most systems.

Recommended Best Practices

The best practices for setting values for ServerAliveInterval, ServerAliveCountMax, ClientAliveInterval, and ClientAliveCountMax depend on your specific use case and requirements. However, here are some general recommendations to help you configure these options effectively:

ServerAliveInterval (Client-side): A reasonable value for ServerAliveInterval is between 30 to 60 seconds. This interval is long enough to avoid excessive network overhead but short enough to maintain a stable connection during periods of inactivity.
ServerAliveCountMax (Client-side): A recommended value for ServerAliveCountMax is between 3 to 5. This value provides a good balance between allowing temporary network issues to resolve and closing the connection when the server becomes unresponsive.
ClientAliveInterval (Server-side): Similar to ServerAliveInterval, setting ClientAliveInterval between 30 to 60 seconds is generally recommended. This interval helps maintain stable connections for clients without causing too much network overhead.
ClientAliveCountMax (Server-side): A recommended value for ClientAliveCountMax is also between 3 to 5. This value strikes a balance between giving clients a chance to respond during temporary network issues and closing unresponsive connections to free up server resources.

ALSO READ: SSH into Docker Container [3 Simple Methods]

What is NEXT?

Summary

In this tutorial we shared tips to Keep Alive SSH Sessions in Linux. TCP Keep-Alive in Linux is a mechanism that helps maintain active and stable connections between network devices during periods of inactivity or network instability. It works at the transport layer (Layer 4) of the OSI model and utilizes periodic keep-alive packets to detect whether a connection is still active.

TCP Keep-Alive is enabled by default on most systems, ensuring that idle connections are not closed prematurely by network devices such as firewalls, routers, or switches. The primary components of TCP Keep-Alive include the keep-alive time, interval, and probe count, which can be adjusted to optimize connection stability and resource usage.

While TCP Keep-Alive is a useful feature for maintaining network connections, it has some limitations, such as being susceptible to false positives and negatives in some network environments. As a result, application-level keep-alive mechanisms like SSH's ServerAliveInterval and ClientAliveInterval options are often preferred for maintaining stable connections in specific use cases, such as remote sessions or long-running tasks.

Feel free to comment on any problems you encounter.

References

stackoverflow.com - Keep SSH session alive [closed]
unix.stackexchange.com - How does tcp-keepalive work in ssh?