How to Disconnect Inactive or Idle SSH Connections in Linux

In our previous article, where we’ve explained how to TMOUT shell variable to auto logout Linux shell when there isn’t any activity. In this article, we will explain how to auto disconnect inactive or idle SSH sessions or connections in Linux.

Read Also: 5 Ways to Keep Remote SSH Sessions and Processes Running After Disconnection

This is a just one of the several practices to protect and secure SSH service from possible attacks; you can also block SSH and FTP access to specific IP and network range in Linux, just to add more security.

Auto Disconnect Inactive SSH Sessions in Linux

To auto disconnect idle SSH sessions, you can use these sshd configuration options.

  • ClientAliveCountMax – defines the number of messages (client alive messages) sent to the ssh client without sshd receiving back messages from the client. Once this limit is reached, without the client responding, sshd will terminate the connection. The default value is 3.
  • ClientAliveInterval – defines a timeout interval (in seconds) after which if no message has been received from the client, sshd will send a message to the client requesting it to response. The default is 0, meaning that these messages will not be sent to the client.

To configure it, open main SSH configuration file /etc/ssh/sshd_config with your choice of editor.

# vi /etc/ssh/sshd_config

Add these two following lines, which means it will disconnect the client after approximately 3 minutes. It means that after every 60 seconds, a client alive message is sent (total 3 client alive messages will be sent), which results to 3*60=180 seconds (3 minutes).

ClientAliveInterval 60
ClientAliveCountMax 3

After making changes, make sure to restart the SSH service to take new changes into effect.

# systemctl restart sshd   [On Systemd]
# service sshd restart     [On SysVinit]

That’s all! Below is a list of useful SSH guides, that you can read:

  1. How to Configure Custom SSH Connections to Simplify Remote Access
  2. ssh_scan – Verifies Your SSH Server Configuration and Policy in Linux
  3. Restrict SSH User Access to Certain Directory Using Chrooted Jail

It is absolutely necessary to auto disconnect inactive SSH sessions due to sever security reasons. To share any thoughts or ask a question, use the comment form below.

Tutorial Feedback...
Was this article helpful? If you don't find this article helpful or found some outdated info, issue or a typo, do post your valuable feedback or suggestions in the comments to help improve this article...

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

2 thoughts on “How to Disconnect Inactive or Idle SSH Connections in Linux”

Got something to say? Join the discussion.

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.