SSH timeout does not happen and not disconnect

Question

I am running ssh command from Ubuntu 18.04.3 LTS and mobaxterm v21.5 and I am trying to connect a Linux board which has kernel 4.9.

I have configured in /etc/ssh/sshd_config as

ClientAliveInterval 60
ClientAliveCountMax 0

on the linux board.

After 60 sec, Its disconnecting only in openssh 8.0 version, but not disconnecting in 8.2,8.5,8.7,8.9 version. Is it bug in version in 8.2. 8.5, 8.7. 8.9?

Does this answer your question? SSH ClientAliveCountMax setting does not seem to work and to disconnect the user — Kamil Maciorowski, Jul 01 '22 at 09:19
Are you sure you are using the correct options? https://unix.stackexchange.com/questions/3026/what-do-options-serveraliveinterval-and-clientaliveinterval-in-sshd-config-d — number9, Jul 01 '22 at 14:41
Welcome to the site. It seems you are working from two accounts. Please see the help center topic on how to merge them. — AdminBee, Jul 05 '22 at 09:24

score 0 · Answer 1 · answered Jul 01 '22 at 08:42

after specified time in ClientAliveInterval /etc/ssh/sshd_config

What value have you configured? sshd manpage states following:

ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been 
received from the client, sshd(8) will send a message through the
encrypted channel to request a response from the client. The default is 0,
indicating that these messages will not be sent to the client.
This option applies to protocol version 2 only.

If you want connection to time out, sounds like default value is the way to go.

Note session keepalive is also configured on the connecting client side in ~/.ssh/config:

ServerAliveInterval
Sets a timeout interval in seconds after which if no data has been
received from the server, ssh(1) will send a message through the
encrypted channel to request a response from the server. The default is 0,
indicating that these messages will not be sent to the server.
This option applies to protocol version 2 only.

Eg myself don't want ssh sessions to time out, which is why I have following in my ~/.ssh/config:

Host *
  ServerAliveInterval 15
  ServerAliveCountMax 3

Related thread

Sotto Voce · Answer 2 · 2022-08-01T22:03:14.550

0

The man page for the sshd_config file (Openssh v8.6p1) says at the end of the description for ClientAliveCountMax:

 Setting a zero ClientAliveCountMax disables connection termination.

Your ClientAliveCountMax 0 setting is preventing the disconnections. Try the default of 3 (as laur already suggested), or at least 1.

edited Aug 01 '22 at 22:03

answered Aug 01 '22 at 21:16

Sotto Voce

4,131

score 0 · Answer 3 · edited May 31 '23 at 09:34

maybe you can just use bash script to kill ssh connection that is idle and set this bash script to run on crontab every minutes. just change the value below.. to your preferred idle time to kill ssh connection 1800sec = 30minutes

#!/bin/bash
# Get the idle information from "w" command#
idle_info=$(w)
Loop through each line of idle information#
while IFS= read -r line; do
Extract the username, terminal, and idle time from the line
username=$(echo "$line" | awk '{print $1}')
  terminal=$(echo "$line" | awk '{print $2}')
  idle_time=$(echo "$line" | awk '{print $5}' | sed 's/[^0-9.]//g')
Check if the terminal is an SSH session and the idle time exceeds 30 minutes (1800 seconds)#
if [[ "$terminal" =~ ^pts/ ]] && (( $(echo "$idle_time > 1800" | bc -l) )); then
    # Terminate the SSH session#
    sudo pkill -9 -t "$terminal"
    echo "Killed SSH session for user $username on terminal $terminal (Idle for $idle_time seconds)"
  fi
done <<< "$idle_info"

SSH timeout does not happen and not disconnect

3 Answers3

Loop through each line of idle information#

Extract the username, terminal, and idle time from the line

Check if the terminal is an SSH session and the idle time exceeds 30 minutes (1800 seconds)#