How to keep SSH session intact?

Hello everyone, I am Xianyu

I wonder if you have ever encountered the following situation:

After logging into a Linux server using a terminal (XShell, secureCRT, or MobaXterm, etc.), if there is no interaction for a period of time, the SSH session will be disconnected

If some non-background commands are being executed, the disconnection of the SSH session may cause these commands to be interrupted, resulting in the inability to complete the task.

So how do you keep your SSH session intact? Let's take a look

Original link: https://linuxiac.com/how-to-keep-ssh-session-alive/

Why does SSH close the connection?

The short answer is that it all comes down to TCP timeouts

The TCP timeout is the amount of time a TCP connection or network operation waits for a response before considering the process to have failed.

In Linux, the TCP timeout setting determines how long a TCP connection or operation should wait before packets are lost or the connection becomes unresponsive.

TCP timeout mechanism ensures the reliability and efficiency of network communication

When maintaining an SSH session, there are three key system parameters we need to pay attention to:

• tcp_keepalive_time: The interval between sending TCP keepalive probes on an idle TCP connection, even when there is no actual data transmission. TCP keepalive probes are used to detect whether the remote host is still alive and responding.
• tcp_keepalive_probes: TCP keepalive probes, packets sent by the TCP end to check the health and responsiveness of the remote end in an idle connection. Helps detect if the remote host becomes unreachable, or if the connection is lost due to network problems
• tcp_keepalive_intvl: Controls the interval for sending keepalive probes for idle TCP connections

We can view the values ​​of the above three parameters through the following command:

tcp_keepalive_time of 600 means that the TCP connection will be maintained for 600 seconds or 10 minutes, but this does not mean that our SSH session will actually be maintained for 10 minutes.

Because tcp_keepalive_probes is 9 and tcp_keepalive_intvl is 75, it means that the system will send 9 probe packets every 75 seconds (675 seconds in total), after which the session will be considered failed and closed.

That is, after 675 seconds, the SSH session will terminate if there is inactivity, i.e. no typing in the terminal

How to keep SSH session alive

Maintaining an SSH session is a process that involves both client and server configuration.

Linux client configuration

For Linux client, we modify the ~/.ssh/config file in the home directory (create it if it does not exist)

 vim ~/.ssh/config

Below is the configuration

 Host * ServerAliveInterval 120 ServerAliveCountMax 30

• Host: The configuration will only take effect on the hosts listed after the "Host" keyword. Because of the use of the wildcard character (*), they apply to all hosts.
• ServerAliveInterval: Sets the timeout interval (in seconds) at which SSH will send a message through the encrypted channel to request a response from the server if no data is received from the server. The default value is 0, which means that these messages will not be sent to the server.
• ServerAliveCountMax: Sets the number of keepalive messages sent to the server when SSH does not receive any messages. If this threshold is reached, SSH will disconnect from the server and terminate the session (the default value is 3)

Indicates that the client sends keepalive messages to the server every 120 seconds, for a total of 30 times, that is, 120 * 30 = 3600 seconds (one hour). The SSH session will remain open for one hour.

Windows client configuration

For Windows, we generally use the terminal to access the server

Take secureCRT as an example

Options -> Session Options

picture

Then click [Terminal]

picture

Linux server configuration

The above is the configuration of the client side. Next, we will introduce the configuration of the server side.

Modify the /etc/ssh/sshd_config file

 vim /etc/ssh/sshd_config

 TCPKeepAlive yes ClientAliveInterval 120 ClientAliveCountMax 30

• TCPKeepAlive: Should TCP keepalive information be sent to the client?
• ClientAliveInterval: Sets the timeout interval (in seconds) at which SSH will send messages through the encrypted channel to request a response from the client if no data is received from the client. The default value is 0, which means that these messages will not be sent to the client.
• ClientAliveCountMax: Sets the number of keepalive messages sent to the client when SSH does not receive any messages. If this threshold is reached, SSH will disconnect from the client and terminate the session (the default value is 3)

As with the Linux client configuration described above, the server will maintain the SSH session for one hour (120 * 30 = 3600 seconds)

Restart the SSH service after configuration

 systemctl restart sshd