Re: ClientAliveInterval not working?

From: Darren Tucker (dtucker_at_zip.com.au)
Date: 10/07/03

  • Next message: Arnold: "Re: ssh session exits after authentication" 
    Date: Tue, 07 Oct 2003 09:53:48 +1000
To: Joe Terwilliger <jterwilliger@ewess.com>

    Joe Terwilliger wrote:
    > We are trying to control inactivity timeout on sshd using the
    > ClientAliveInterval and ClientAliveCountMax sshd_config settings but it
    > doesnt seem to be having any affect on timing out and disconnecting
    > inactive/idle clients. I have tried using standard numeric arguments and
    > numeric arguments followed by a character modifier (s, m, h, etc) with no
    > effect. Clients are still staying connected regardless of the
    > ClientAliveInterval setting and what client I am using to connect - I have
    > tried PuTTY and the standards ssh clients to connect, both with keepalive
    > settings turned off. Are there issues with this feature in openSSH or
    > something I am missing in the documentation?

    What do you mean by "inactive/idle"? The ClientAlive* options control
    inactivity from a protocol standpoint, not from a
    not-typing-anything-at-the-shell standpoint. This is useful for cleaning
    up sessions where the client has become disconnected/crashed/changed IP.

    As long as the client responds to a protocol no-op message, it's
    considered active. This will be invisible to the user (but if you connect
    with "ssh -v" you'll see them happening, and if you disconnect the network
    cable you'll see the session disconnected).

    You probably want something like the TMOUT feature of some shells. There
    are also some third-party patches that do the same thing in sshd, eg the
    patch referred to in [0]. I haven't used any of those.

    [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=165185 

    -- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
  • Next message: Arnold: "Re: ssh session exits after authentication"

    Relevant Pages

    • ICS and Proxy Settings
      ... Is there any way using ICS to tell its DHCP clients what proxy settings to ... I have 2-way satellite internet access at home (via ...
      (microsoft.public.windowsxp.general)
    • Re: W2K3 GPO pushing IE settings to W2K...
      ... > We have a setup using a W2K3 AD server pushing the GPO out to a fleet ... > The problem is that not ~all~ the settings seem to be pushed. ... > and changed like I'd expect, reflecting what's in the GPO. ... The settings nor the site list appear on the clients. ...
      (microsoft.public.windows.server.setup)
    • RE: Time Service Questions
      ... and time sync clients like XP or w2K pro... ... You might want to check out the section specifically on Time Service ... settings and tools to locate the infor you are looking for. ... > have time service registry keys that look like this... ...
      (microsoft.public.win2000.active_directory)
    • RE: Win2K3 PDC not acting as time server
      ... First are all the DCs in Default_First_site_name site? ... subnet in Windows Server 2003 Active Directory? ... Based on the registry settings, the clients is use NTP as time ...
      (microsoft.public.windows.server.migration)
    • Re: Proxy Settings
      ... Unfortunatly there is no common theme, it is happening on win2K and XP clients. ... The support site looks you directed me to does look useful though, ... It only applies when the policy changes or is ... >> to be picking up the policy but the proxy settings are not being set. ...
      (microsoft.public.win2000.group_policy)