Skip to Content

Fix SSH timeout in Linux with ServerAliveInterval ClientAliveInterval TMOUT

SSH connection timeouts due to inactivity can be disruptive, especially when you’re working on tasks that require periodic attention to the terminal.

Adjusting the SSH timeout settings can help maintain your connection over extended periods of inactivity.

You will see this error on the terminal.

$ timed out waiting for input: auto-logout
Connection to host closed.

Boost Your Website Speed!

If you want your website to run as fast as ours, consider trying Cloudways. Their powerful cloud infrastructure and optimized stack deliver exceptional performance. Free migration!

understanding ServerAliveInterval ClientAliveInterval

Understanding ServerAliveInterval and ClientAliveInterval is crucial for managing SSH connections, as these settings determine how the SSH client and server communicate to maintain active sessions.

  • ServerAliveInterval (~/.ssh/config on most Linux systems).:  This is a client-side setting. This is the interval when the client sends the probe message to the server.
  • ClientAliveInterval( /etc/ssh/sshd_config on most Linux systems).): This is a server-side setting. This is the interval when the server sends the probe message to the client.

 

ClientAliveInterval Purpose: ClientAliveInterval is used by the SSH server to send a request to the client. This setting helps the server maintain the connection.

How ClientAliveInterval Works: When set, the server will send a keepalive message to the client. If the client does not respond, the server may eventually close the connection based on the ClientAliveCountMax setting, which defines the maximum number of keepalive messages the server sends without receiving any response from the client.

The same theory apply to parameter ServerAliveInterval. 

Note: ServerAliveInterval and ClientAliveInterval are not directly related to the ssh timeout.  We can not configure the timeout value using these parameters but we can use these parameters to keep the connection, especially through firewalls or routers that might drop idle connections.

That means both ServerAliveInterval and ClientAliveInterval are essential for maintaining active SSH connections in environments where idle connections may be automatically terminated due to inactivity. However, they are not direct mechanisms for configuring session timeout limits.

Their primary role is to keep the connection open by ensuring regular communication between the SSH client and server, even when there’s no other data being transmitted.

Configure ServerAliveInterval on the Client Side

We can add the following options to the SSH config file on client side or ssh -o ServerAliveInterval=20 ip address.

Client:

host *
ServerAliveInterval 20
ServerAliveCountMax 100
TCPKeepAlive yes

We can see that client sends probe data to the server every 20s which is the ServerAliveInterval from the following packets.

10:37:11.741159 IP 10.79.102.248.61622 > 10.124.202.230.ssh: Flags [P.], seq 2770:2822, ack 3790, win 2048, options [nop,nop,TS val 2022184725 ecr 1297845101], length 52
10:37:11.767047 IP 10.124.202.230.ssh > 10.79.102.248.61622: Flags [P.], seq 3790:3818, ack 2822, win 287, options [nop,nop,TS val 1297865128 ecr 2022184725], length 28
10:37:11.767183 IP 10.79.102.248.61622 > 10.124.202.230.ssh: Flags [.], ack 3818, win 2047, options [nop,nop,TS val 2022184750 ecr 1297865128], length 0

10:37:31.769396 IP 10.79.102.248.61622 > 10.124.202.230.ssh: Flags [P.], seq 2822:2874, ack 3818, win 2048, options [nop,nop,TS val 2022204561 ecr 1297865128], length 52
10:37:31.789991 IP 10.124.202.230.ssh > 10.79.102.248.61622: Flags [P.], seq 3818:3846, ack 2874, win 287, options [nop,nop,TS val 1297885154 ecr 2022204561], length 28
10:37:31.790058 IP 10.79.102.248.61622 > 10.124

 

4 Steps to login Linux server without password

 

Configure SSH Timeout by changing TMOUT On Server Side

The TMOUT variable in Unix-like operating systems, including Linux, is an environment variable used primarily in the Bash shell.

It serves as an automatic logout feature. When TMOUT is set, it specifies the maximum amount of time (in seconds) that a shell session can remain idle before being automatically terminated.

For instance, export TMOUT=300 will log out the user after 5 minutes (300 seconds) of inactivity.

You can set TMOUT in individual user profiles (like .bashrc), or globally for all users (in system-wide configuration files like /etc/profile).

Limitation: The TMOUT variable doesn’t affect sessions that are actively running a process. It only applies to idle sessions.

Recommended Steps to increase SSH connection timeout

We can use the following way to increase the SSH connection timeout in Linux.

  • add ServerAliveInterval 20 and ServerAliveCountMax 100 on client-side in file ~/.ssh/ssh_config or we can add them to command line like this
    $ ssh -o ServerAliveInterval=20 -o ServerAliveCountMax=100 [email protected]
  • change TMOUT variable on server-side with the following command.
    TMOUT=600 ( this is 10 minutes).
    export TMOUT
    echo $TMOUT

 

Here is the ssh log after our change. The ssh timeout value is 600s which is 10 minutes.

Feb 26 02:36:51 hostname sshd[127463]: Accepted keyboard-interactive/pam for test from 10.79.102.248 port 61622 ssh2
Feb 26 02:36:51 hostname sshd[127463]: pam_unix(sshd:session): session opened for user test by (uid=0)
Feb 26 02:46:51 hostname sshd[127463]: pam_unix(sshd:session): session closed for user test

 We can change TMOUT value for a longer SSH connection timeout value if needed.

Related: