ssh timeout Keepalive
by LinuGeek from LinuxQuestions.org on (#4S0R3)
Hello Experts,
I am planning to set up the SSH KeepAlive setting on our login servers. Surprisingly, a few users complained that their connections are getting aborted when the SSH (PuTTY) session is idle for, let's say, 30 mins to 1 hr. But I myself never faced that problem when we connect to the server within office premises.
From the home office, we connect to the servers using VPN. So I suspect there should be a firewall in between which handles these idle SSH sessions.
I am thinking of changing the SSH keepalive parameters on the login servers (/etc/sshd/sshd_config) as shown below:
Before:
#TCPKeepAlive yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
After:
#TCPKeepAlive yes
#ClientAliveInterval 480
#ClientAliveCountMax 3
So the server sends the keepalive packet to the client system every 8 minutes until (ClientAliveCountMax =) 3, i.e. 8 * 3 = 24 minutes. So it should be sufficient if the firewall has its timeout set after 30 minutes.
Please let me know if my considerations are correct or am I missing something?
Regards.
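
Added example, not part of the original post: a small Python check of what sshd would actually use from the "After" block as posted and from a constructed variant with the `#` removed, compared against the 30-minute firewall timeout the post assumes. In sshd, `ClientAliveCountMax` counts probes that go unanswered; probes keep being sent every interval for as long as the client replies. The function names are hypothetical, values are assumed to be plain seconds, and only the global section (before any `Match`) is read.

```python
import re

# sshd built-in defaults for the three keepalive-related keywords.
DEFAULTS = {"tcpkeepalive": "yes", "clientaliveinterval": "0", "clientalivecountmax": "3"}

# The "After" block exactly as posted (every line still starts with '#').
AS_POSTED = """\
#TCPKeepAlive yes
#ClientAliveInterval 480
#ClientAliveCountMax 3
"""
# Constructed variant: the same values with the leading '#' removed.
UNCOMMENTED = AS_POSTED.replace("#", "")


def effective_settings(config_text):
    """Return the keepalive values sshd would use from the global section."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments and blank lines have no effect
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # assumption: Match blocks are out of scope here
        if key in DEFAULTS and key not in seen and len(parts) == 2:
            seen[key] = parts[1].strip()  # first occurrence wins
    return {**DEFAULTS, **seen}


def assess(config_text, firewall_idle_timeout_s):
    """Compare the effective probe interval with a firewall idle timeout."""
    s = effective_settings(config_text)
    interval = int(s["clientaliveinterval"])  # assumption: plain seconds
    count = int(s["clientalivecountmax"])
    enabled = interval > 0  # 0 means no client-alive probes are sent
    return {
        "probes_enabled": enabled,
        # An idle session produces traffic once per interval, so the interval
        # (not interval * count) must be shorter than the firewall timeout.
        "outlasts_firewall": enabled and interval < firewall_idle_timeout_s,
        # A client that stops answering is dropped after count missed probes.
        "dead_client_dropped_after_s": interval * count if enabled else None,
    }


if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("uncommented", UNCOMMENTED)):
        print(name, assess(cfg, 30 * 60))  # 30 min: the post's assumed timeout
```

After editing the real file, `sshd -T` prints the effective configuration, which is the authoritative check on a live server.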

