How to Disconnect Inactive or Idle SSH Connections in Linux

In our previous article, where we’ve explained how to TMOUT shell variable to auto logout Linux shell when there isn’t any activity. In this article, we will explain how to auto disconnect inactive or idle SSH sessions or connections in Linux.

Read Also: 5 Ways to Keep Remote SSH Sessions and Processes Running After Disconnection

This is a just one of the several practices to protect and secure SSH service from possible attacks; you can also block SSH and FTP access to specific IP and network range in Linux, just to add more security.

Auto Disconnect Inactive SSH Sessions in Linux

To auto disconnect idle SSH sessions, you can use these sshd configuration options.

  • ClientAliveCountMax – defines the number of messages (client alive messages) sent to the ssh client without sshd receiving back messages from the client. Once this limit is reached, without the client responding, sshd will terminate the connection. The default value is 3.
  • ClientAliveInterval – defines a timeout interval (in seconds) after which if no message has been received from the client, sshd will send a message to the client requesting it to response. The default is 0, meaning that these messages will not be sent to the client.

To configure it, open main SSH configuration file /etc/ssh/sshd_config with your choice of editor.

# vi /etc/ssh/sshd_config

Add these two following lines, which means it will disconnect the client after approximately 3 minutes. It means that after every 60 seconds, a client alive message is sent (total 3 client alive messages will be sent), which results to 3*60=180 seconds (3 minutes).

ClientAliveInterval 60
ClientAliveCountMax 3

After making changes, make sure to restart the SSH service to take new changes into effect.

# systemctl restart sshd   [On Systemd]
# service sshd restart     [On SysVinit]

That’s all! Below is a list of useful SSH guides, that you can read:

  1. How to Configure Custom SSH Connections to Simplify Remote Access
  2. ssh_scan – Verifies Your SSH Server Configuration and Policy in Linux
  3. Restrict SSH User Access to Certain Directory Using Chrooted Jail

It is absolutely necessary to auto disconnect inactive SSH sessions due to sever security reasons. To share any thoughts or ask a question, use the comment form below.

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

2 Responses

  1. ngabdul says:

    how to do it on ssh dropbear?

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.