[sf-lug] keep alive time for an ssh connection
rick at linuxmafia.com
Sat Dec 20 23:52:26 PST 2008
Quoting Alex Kleider (a_kleider at yahoo.com):
> I tried
> ssh -o TCPKeepAlive <machine>
> but it made no difference!
Hmm, you got the syntax wrong. There's a missing "=yes", there.
"man 5 ssh_config" is your friend.
:r! man 5 ssh_config
Reformatting ssh_config(5), please wait...
SSH_CONFIG(5) BSD File Formats Manual SSH_CONFIG(5)
ssh_config - OpenSSH SSH client configuration files
ssh obtains configuration data from the following sources in the follow-
1. command-line options
2. user's configuration file (~/.ssh/config)
3. system-wide configuration file (/etc/ssh/ssh_config)
Specifies whether the system should send TCP keepalive messages
to the other side. If they are sent, death of the connection or
crash of one of the machines will be properly noticed. This
option only uses TCP keepalives (as opposed to using ssh level
keepalives), so takes a long time to notice when the connection
dies. As such, you probably want the ServerAliveInterval option
as well. However, this means that connections will die if the
route is down temporarily, and some people find it annoying.
The default is ``yes'' (to send TCP keepalive messages), and the
client will notice if the network goes down or the remote host
dies. This is important in scripts, and many users want it too.
To disable TCP keepalive messages, the value should be set to
I notice that it defaults to "yes", though, unless your distribution has
changed that behaviour.
In addition, you should attend to:
Sets a timeout interval in seconds after which if no data has
been received from the server, ssh will send a message through
the encrypted channel to request a response from the server. The
default is 0, indicating that these messages will not be sent to
the server, or 300 if the BatchMode option is set.
ProtocolKeepAlives is a Debian-specific compatibility alias for
Sets the number of server alive messages (see above) which may be
sent without ssh receiving any messages back from the server. If
this threshold is reached while server alive messages are being
sent, ssh will disconnect from the server, terminating the ses-
sion. It is important to note that the use of server alive mes-
sages is very different from TCPKeepAlive (below). The server
alive messages are sent through the encrypted channel and there-
fore will not be spoofable. The TCP keepalive option enabled by
TCPKeepAlive is spoofable. The server alive mechanism is valu-
able when the client or server depend on knowing when a connec-
tion has become inactive.
The default value is 3. If, for example, ServerAliveInterval
(above) is set to 15, and ServerAliveCountMax is left at the
default, if the server becomes unresponsive ssh will disconnect
after approximately 45 seconds. This option works when using
protocol version 2 only; in protocol version 1 there is no mecha-
nism to request a response from the server to the server alive
messages, so disconnection is the responsibility of the TCP
"ServerAliveInterval 5" seems about right.
More information about the sf-lug