RE: ClientAliveInterval not working?

From: Joe Terwilliger (jterwilliger_at_ewess.com)
Date: 10/07/03

  • Next message: Asif Iqbal: "Re: PAM SecurID from RSA" 
    To: <secureshell@securityfocus.com>
Date: Tue, 7 Oct 2003 09:20:10 -0400

    Yes, that is exactly what we were looking for. Thanks for the help.

    -----Original Message-----
    From: Darren Tucker [mailto:dtucker@zip.com.au]
    Sent: Monday, October 06, 2003 7:54 PM
    To: Joe Terwilliger
    Cc: secureshell@securityfocus.com
    Subject: Re: ClientAliveInterval not working?

    Joe Terwilliger wrote:
    > We are trying to control inactivity timeout on sshd using the
    > ClientAliveInterval and ClientAliveCountMax sshd_config settings but it
    > doesnt seem to be having any affect on timing out and disconnecting
    > inactive/idle clients. I have tried using standard numeric arguments and
    > numeric arguments followed by a character modifier (s, m, h, etc) with no
    > effect. Clients are still staying connected regardless of the
    > ClientAliveInterval setting and what client I am using to connect - I have
    > tried PuTTY and the standards ssh clients to connect, both with keepalive
    > settings turned off. Are there issues with this feature in openSSH or
    > something I am missing in the documentation?

    What do you mean by "inactive/idle"? The ClientAlive* options control
    inactivity from a protocol standpoint, not from a
    not-typing-anything-at-the-shell standpoint. This is useful for cleaning
    up sessions where the client has become disconnected/crashed/changed IP.

    As long as the client responds to a protocol no-op message, it's
    considered active. This will be invisible to the user (but if you connect
    with "ssh -v" you'll see them happening, and if you disconnect the network
    cable you'll see the session disconnected).

    You probably want something like the TMOUT feature of some shells. There
    are also some third-party patches that do the same thing in sshd, eg the
    patch referred to in [0]. I haven't used any of those.

    [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=165185 

    --
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
  • Next message: Asif Iqbal: "Re: PAM SecurID from RSA"

    Relevant Pages

    • Sleepy NIC to DSL?
      ... Sleepy NIC to DSL? ... the DHCP client starts complaining for six to eight times for 6 to 10 hours ... complaint would indicate that it can't talk to the clients, ...
      (microsoft.public.windowsxp.general)
    • 2008 TS Login Screen hangs after time out
      ... Users who connect to a 2008 terminal server using thin as well as thick ... clients. ... After a period of inactivity, the user is presented with the blue ...
      (microsoft.public.windows.terminal_services)
    • Re: ClientAliveInterval not working?
      ... > We are trying to control inactivity timeout on sshd using the ... > ClientAliveInterval and ClientAliveCountMax sshd_config settings but it ... > doesnt seem to be having any affect on timing out and disconnecting ... Clients are still staying connected regardless of the ...
      (SSH)
    • Re: W2K3 GPO pushing IE settings to W2K...
      ... > We have a setup using a W2K3 AD server pushing the GPO out to a fleet ... > The problem is that not ~all~ the settings seem to be pushed. ... > and changed like I'd expect, reflecting what's in the GPO. ... The settings nor the site list appear on the clients. ...
      (microsoft.public.windows.server.setup)
    • RE: Mapped Drive Connection to Network Share is being disconnected
      ... XP Professional clients with mapped drives to Windows 2000 and Windows NT4 ... the disconnecting can be caused by the clients or the ...
      (microsoft.public.windowsxp.help_and_support)