How to prevent SSH session timeouts

SSH connections that drop after a short period of inactivity interrupt long-running tasks, file transfers, and monitoring sessions. Frequent idle disconnections increase the risk of half-finished deployments and force repeated logins on busy systems.

The OpenSSH stack controls idle behaviour using server-side options such as TCPKeepAlive, ClientAliveInterval, and ClientAliveCountMax in /etc/ssh/sshd_config and client-side options such as ServerAliveInterval in /etc/ssh/ssh_config or ~/.ssh/config. Adjusting these timers changes how long an idle session is allowed to stay open and how aggressively unreachable peers are cleaned up.

Raising keepalive intervals and counters can keep sessions stable through temporary network issues, stateful firewalls, or VPN timeouts, but very long-lived sessions may conflict with security policies on shared servers. Server-side changes require administrative access and affect every user, whereas client-side keepalives apply only to the local user configuration and are safer when policy is unknown.

Methods to prevent SSH connection timeout:

Avoid SSH timeout from the server
Avoid SSH timeout from the client

Avoid SSH timeout from the server

On the server side, idle SSH sessions stay active longer by tuning TCPKeepAlive, ClientAliveInterval, and ClientAliveCountMax in /etc/ssh/sshd_config. These settings define how often sshd probes connected clients and how many unanswered probes are tolerated before the session is dropped.

Open a terminal on the SSH server.
```
$ whoami
user
```
Open the server /etc/ssh/sshd_config file in a text editor.
```
$ sudo vi /etc/ssh/sshd_config
```

Set TCPKeepAlive to no to disable kernel TCP keepalive probes and rely on encrypted keepalives from sshd.

TCPKeepAlive no

TCPKeepAlive
        Specifies whether the system should send TCP keepalive messages to the other side.  If they are sent, death of the
        connection or crash of one of the machines will be properly noticed.  However, this means that connections will die
        if the route is down temporarily.
##### snipped #####

Set ClientAliveInterval to an interval in seconds such as 30 to send encrypted keepalive messages periodically.

ClientAliveInterval 30

ClientAliveInterval
        Sets a timeout interval in seconds after which if no data has been received from the client, sshd will send a
        message through the encrypted channel to request a response from the client.

Set ClientAliveCountMax to a higher value such as 240 so unresponsive clients are disconnected only after extended inactivity.

ClientAliveCountMax 240

ClientAliveCountMax
        Sets the number of client alive messages which may be sent without sshd receiving any messages back from the client.
        If this threshold is reached while client alive messages are being sent, sshd will disconnect the client.

Save the changes in /etc/ssh/sshd_config.

Large ClientAliveCountMax values keep idle sessions connected for a long time, which may violate security policies on multi-user servers.
Exit the text editor.
Validate the sshd configuration syntax before restarting the service.
```
$ sudo sshd -t
```
Syntax errors in /etc/ssh/sshd_config prevent sshd from starting and can block remote logins.

Related: How to check and validate SSH server's configuration
Restart the ssh service so the new timeout settings take effect.
```
$ sudo systemctl restart ssh
```
Related: [DRAFT] How to manage the SSH server service with systemctl in Linux

Confirm that ssh is active after the restart.

$ sudo systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2025-12-11 10:15:01 UTC; 5s ago
##### snipped #####

Verify that an idle SSH session remains connected longer than before by leaving it open without input.

$ ssh user@example.com
Welcome to Ubuntu 22.04 LTS
Last login: Thu Dec 11 10:00:01 2025 from 192.0.2.10

Avoid SSH timeout from the client

When server-side changes are not possible, the SSH client sends periodic keepalive messages with ServerAliveInterval to keep idle sessions visible to the server and intermediate firewalls.

Open the SSH client configuration file for the current user.
```
$ vi ~/.ssh/config
```
Edit /etc/ssh/ssh_config instead of ~/.ssh/config to apply the option to all users on the system.
Add or adjust a host block with a suitable ServerAliveInterval value such as 30 seconds.
```
Host example
    HostName example.com
    ServerAliveInterval 30
```
Save the client configuration file.

Very short intervals on many clients can generate unnecessary background traffic on constrained links.
Alternatively, specify ServerAliveInterval directly on the SSH command line for ad hoc connections.
```
$ ssh -o ServerAliveInterval=30 user@example.com
```

Confirm that the server now keeps the idle session active for the configured time by leaving the connection open without input.

$ ssh -o ServerAliveInterval=30 user@example.com
Welcome to Ubuntu 22.04 LTS
Last login: Thu Dec 11 10:20:01 2025 from 192.0.2.20

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.