SSH sessions often disconnect automatically when left idle for too long. This is a common configuration on servers to prevent unused connections from consuming resources. Users typically receive an error message indicating that the connection has been closed by the remote host after a period of inactivity.
user@host:~$ Connection to example.com closed by remote host. Connection to example.com closed.
To maintain an active SSH session, adjustments can be made on either the server or the client side. Server-side configurations, such as TCPKeepAlive, ClientAliveInterval, and ClientAliveCountMax, determine how long a session can remain idle before being terminated. Modifying these settings can extend the session duration, reducing unwanted timeouts.
For users without server access, the SSH client can be configured to send regular keep-alive messages to the server. This keeps the connection active during idle periods and prevents automatic disconnections. Adjusting the ServerAliveInterval option on the client side is an effective way to maintain a stable SSH session.
Methods to prevent SSH connection timeout:
Avoid SSH timeout from the server
On the server side, idle SSH sessions can be kept active by adjusting key configuration settings like TCPKeepAlive, ClientAliveInterval, and ClientAliveCountMax. These parameters control how often the server checks the client’s status and how long it waits before terminating an idle session. By increasing these values, you can significantly extend the time a session remains active without user input, preventing unnecessary disconnections.
- Open the server’s sshd_config file in a text editor.
$ sudo vi /etc/ssh/sshd_config
- Set TCPKeepAlive to “no” to disable TCP keepalive messages.
TCPKeepAlive no
TCPKeepAlive Specifies whether the system should send TCP keepalive messages to the other side. If they are sent, death of the connection or crash of one of the machines will be properly noticed. However, this means that connections will die if the route is down temporarily, and some people find it annoying. On the other hand, if TCP keepalives are not sent, sessions may hang indefinitely on the server, leaving “ghost” users and consuming server resources. The default is “yes” (to send TCP keepalive messages), and the server will notice if the network goes down or the client host crashes. This avoids infinitely hanging sessions. To disable TCP keepalive messages, the value should be set to “no”. This option was formerly called KeepAlive.
- Set ClientAliveInterval to a specific value, such as 30 seconds.
ClientAliveInterval 30
ClientAliveCountMax Sets the number of client alive messages (see below) which may be sent without sshd(8) receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valu‐ able when the client or server depend on knowing when a connection has become inactive. The default value is 3. If ClientAliveInterval (see below) is set to 15, and ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. This option applies to pro‐ tocol version 2 only.
- Set ClientAliveCountMax to a higher number, like 240, to allow more keepalive messages before disconnecting.
ClientAliveCountMax 240
ClientAliveInterval Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. This option applies to protocol version 2 only.
- Save the changes to the sshd_config file.
- Restart the SSH service to apply the changes.
$ sudo systemctl restart ssh
- Restart the SSHd service.
Avoid SSH timeout from the client
When server-side changes are not an option, the SSH client can be configured to send regular keep-alive messages using the ServerAliveInterval setting. This ensures the server continues to recognize the connection as active, even during idle periods. By setting the client to send these keep-alive packets at specified intervals, you can maintain a stable connection and avoid timeouts caused by inactivity.
- Edit the SSH client configuration file using a text editor.
$ vi ~/.ssh/config
Edit /etc/ssh/ssh_config if you want to apply the option to all users in the system.
- Add the ServerAliveInterval option with a value, such as 30 seconds.
ServerAliveInterval 30
- Save the changes to the client configuration file.
- Alternatively, specify the ServerAliveInterval option directly in the command line when connecting via SSH.
$ ssh -o ServerAliveInterval=30 user@example.com
Mohd Shakir Zakaria is an experienced cloud architect with a strong development and open-source advocacy background. He boasts multiple certifications in AWS, Red Hat, VMware, ITIL, and Linux, underscoring his expertise in cloud architecture and system administration.
Comment anonymously. Login not required.