How to enable SSH client keepalive

Idle SSH sessions often disconnect unexpectedly when intermediate firewalls or NAT devices drop silent connections. Enabling SSH client keepalive with the ServerAliveInterval option keeps a small stream of encrypted messages flowing so long-running shells, tunnels, or file transfers remain stable.

The OpenSSH client reads configuration from per-user and system-wide files, merging options when a connection starts. The ServerAliveInterval setting defines how often the client sends an application-layer keepalive request, while ServerAliveCountMax controls how many unanswered requests are tolerated before declaring the connection dead, working alongside lower-level TCPKeepAlive behavior.

Aggressive keepalive values can generate unnecessary network noise and sometimes conflict with security policies designed to expire idle sessions. Editing /~/.ssh/config or /etc/ssh/ssh_config too broadly can also impact automated jobs that rely on default timeouts. Conservative intervals and scoping keepalive options to selected hosts limit the risk of masking network problems or keeping forgotten sessions open indefinitely.

1. Ensure the SSH configuration directory exists in the home directory.

   $ mkdir -p ~/.ssh

   The /~/.ssh directory stores per-user keys and configuration for the OpenSSH client.

2. Restrict the SSH configuration directory permissions to the current user.

   $ chmod 700 ~/.ssh

   Overly permissive permissions can cause the OpenSSH client to ignore keys and configuration files for security reasons.

3. Open or create the per-user SSH client configuration file /~/.ssh/config in a text editor.

   $ nano ~/.ssh/config

   Per-user settings in /~/.ssh/config override matching options from the system-wide /etc/ssh/ssh_config file.

4. Add or update a host block for targets that require client keepalive using ServerAliveInterval and ServerAliveCountMax.

   Host server-example
     HostName server.example.net
     User alice
     ServerAliveInterval 60
     ServerAliveCountMax 3

   ServerAliveInterval is measured in seconds and, combined with ServerAliveCountMax, sets how long an unresponsive connection is kept before being closed.

5. Write the configuration changes to disk in the editor to persist the new keepalive options.
6. Open an SSH connection using the configured host alias so the client loads the new keepalive settings.

   $ ssh server-example
   Welcome to Example Linux
   alice@server-example:~$

7. Display the fully merged SSH configuration for the host to confirm that ServerAliveInterval and ServerAliveCountMax are active.

   $ ssh -G server-example | grep -i serveralive
   serveraliveinterval 60
   serveralivecountmax 3

   The ssh -G flag prints all effective options after combining command-line flags, per-user configuration, and system-wide defaults.

8. Optionally configure a global keepalive default for all SSH clients on the system by editing /etc/ssh/ssh_config as root and adding a Host * block with the desired options.

   $ sudo nano /etc/ssh/ssh_config

   Incorrect or overly aggressive values in /etc/ssh/ssh_config can disrupt tools that rely on SSH, such as scp or rsync, and may keep unattended sessions alive longer than intended.