Keeping Your SSH Sessions Alive Through Pesky NAT Firewalls
Fri Jun 3rd 2005, 1:12pm
NAT firewalls like to time out idle sessions to keep their state tables clean and their memory footprint low. Some firewalls are nice, and let you idle for up to a day or so; some are gestapo and terminate your session after 5 minutes. I finally got tired of my ssh sessions getting disconnected at places where I don't control the firewalls, and figured out how to stop it. Turns out ssh has a nice in-band keepalive mechanism, and even lets you set it on a per-destination basis. Just create a ~/.ssh/config file with something like the following (*kehlet.cx is shown as an example only, you might just use *):
Host *kehlet.cx
    ServerAliveInterval 240
That's how often, in seconds, ssh will send a keepalive request (at the application layer) to the other end if the connection's been otherwise idle. 4 minutes should be good :-). The Host line lets you pattern match your destinations. Minimal effort, no impact to your system (say, as you would have if you mucked with your system's default TCP keepalive settings), and it works like a charm.
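As an added illustration (not code from the original post), this Python sketch works out which ServerAliveInterval applies to a given destination, following the ssh_config rules that Host patterns may use * and ?, that a matching !pattern excludes the stanza, and that the first value obtained for a keyword wins. The example.net stanzas, the function names, and the decision to skip Match and Include handling are assumptions of this sketch.

```python
import re

# Constructed sample; only the first stanza is the one shown in the post.
SAMPLE = """\
Host *kehlet.cx
    ServerAliveInterval 240

Host !*.lab.example.net *.example.net
    ServerAliveInterval=60
    ServerAliveCountMax 5

Host *
    ServerAliveInterval 120
"""

DEFAULTS = {"serveraliveinterval": 0, "serveralivecountmax": 3}  # OpenSSH defaults

def _glob(pattern, host):
    """ssh_config wildcards: '*' is any run of characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, host) is not None

def _host_matches(patterns, host):
    """A Host line applies if a pattern matches and no '!pattern' matches."""
    if any(p.startswith("!") and _glob(p[1:], host) for p in patterns):
        return False
    return any(not p.startswith("!") and _glob(p, host) for p in patterns)

def effective_keepalive(config_text, host):
    """Return (interval, count_max, approx_seconds_until_disconnect)."""
    found, active = {}, True  # lines before the first Host apply to all hosts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "host":
            active = _host_matches(value.split(), host)
        elif key == "match":
            active = False  # Match blocks are not evaluated in this sketch
        elif active and key in DEFAULTS and key not in found:
            found[key] = int(value)  # the first value obtained wins
    interval, count = ({**DEFAULTS, **found}[k] for k in DEFAULTS)
    return interval, count, interval * count  # interval 0 means keepalives off

if __name__ == "__main__":
    for h in ("www.kehlet.cx", "db.example.net", "x.lab.example.net"):
        print(h, effective_keepalive(SAMPLE, h))
```

The third value is roughly how long an unresponsive server goes unnoticed before ssh gives up: the interval multiplied by ServerAliveCountMax.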



Visitor comments
On Mon Jul 11th 2005, 12:57am, Rajesh Pandey posted:
Can I know more about this.
I want to keep my session alive to log in the hrs on an education portal.
What should I actually do as I am a starter.
Thanks.
Rajesh Pandey


On Mon Jul 11th 2005, 5:47pm, Steve Kehlet posted:
These instructions are for Unix systems and OpenSSH. Just create the directory ".ssh" in your home directory, if it doesn't already exist, and create a file inside called "config" with the following two lines:

Host *
    ServerAliveInterval 240

(Be sure to indent that second line with at least one space). This should help if your session is getting timed out by a firewall.

Beyond this I would refer you to the OpenSSH documentation at www.openssh.org.


On Wed Sep 7th 2005, 11:22pm, Joel posted:
It should be mentioned that the user and group owners of the ~/.ssh/config file should be the same as ~/.ssh/known_hosts

Also, does anybody know if this option can be added to any of the files in /etc/ssh/ to make it system wide?


On Thu Sep 8th 2005, 11:51am, Steve Kehlet posted:
Hi Joel. Sure, you can put ServerAliveInterval in the system-wide config file, a user config file, or on the ssh command line (with -o). See http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config


On Fri Feb 10th 2006, 6:26pm, Ryan posted:
I did what was mentioned above, but got an error when I use ssh:
/home/some_user/.ssh/config: line 2: Bad configuration option: ServerAliveInterval
/home/some_user/.ssh/config: line 3: Bad configuration option: ServerAliveCountMax
/home/some_user/.ssh/config: terminating, 2 bad configuration options


On Fri Feb 10th 2006, 8:32pm, Steve Kehlet posted:
Ryan, the version of ssh you have installed is probably too old to support this feature. If you can, try upgrading.


On Mon Dec 10th 2007, 4:26pm, Raffaella posted:
Pardon my ignorance but where exactly should I create the .ssh/config file (with the lines "Host *" and "ServerAliveInterval 240")? On the local computer (a MacBookPro) that I use to connect to the remote host (a linux machine) or on the remote host?
Thanks :)


On Mon Dec 10th 2007, 5:29pm, Steve Kehlet posted:
Raffaella, put the config file underneath the directory ".ssh" (which may or may not already exist), underneath your home directory. If .ssh doesn't already exist you'll need to create it in a Terminal window ("mkdir .ssh").


On Sat Nov 29th 2008, 7:13am, Visitor posted:
What didn't you understand about his fucking question???!!! REMOTE or LOCAL?


On Sat Nov 29th 2008, 4:24pm, Steve Kehlet posted:
On the local computer. Hope this clears up any confusion.



On Mon Jan 19th 2009, 5:14pm, Roger posted:
Thanks for posting this Steve. And I must say that you have an unbelievable level of cool to actually respond to that last jerk (and politely too!).


On Wed Aug 12th 2009, 9:51am, Who posted:
LOL @ VISITOR


On Tue Sep 8th 2009, 11:50pm, 0xdeadbeef posted:
If you happen to be using the PuTTY SSH client on a M$ Windows system, there is a "Seconds between keepalives" option (disabled by default) in the "Connection" configuration node.


On Mon Oct 26th 2009, 2:56pm, Visitor posted:
If you're using SecureCRT, you can edit the Global Options (Edit Default Settings button). The "Terminal" tab has an anti-idle section. I set mine to "Send protocol NO-OP" every 60 seconds.


On Wed Mar 10th 2010, 12:25pm, Adam Monsen posted:
Very helpful. Thank you!



