How to Disconnect Inactive or Idle SSH Connections in Linux
In our previous article, where we’ve explained how to TMOUT shell variable to auto logout Linux shell when there isn’t any activity. In this article, we will explain how to auto disconnect inactive or idle SSH sessions or connections in Linux.
This is a just one of the several practices to protect and secure SSH service from possible attacks; you can also block SSH and FTP access to specific IP and network range in Linux, just to add more security.
Auto Disconnect Inactive SSH Sessions in Linux
To auto disconnect idle SSH sessions, you can use these sshd configuration options.
- ClientAliveCountMax – defines the number of messages (client alive messages) sent to the ssh client without sshd receiving back messages from the client. Once this limit is reached, without the client responding, sshd will terminate the connection. The default value is 3.
- ClientAliveInterval – defines a timeout interval (in seconds) after which if no message has been received from the client, sshd will send a message to the client requesting it to response. The default is 0, meaning that these messages will not be sent to the client.
To configure it, open main SSH configuration file /etc/ssh/sshd_config with your choice of editor.
# vi /etc/ssh/sshd_config
Add these two following lines, which means it will disconnect the client after approximately 3 minutes. It means that after every 60 seconds, a client alive message is sent (total 3 client alive messages will be sent), which results to 3*60=180 seconds (3 minutes).
ClientAliveInterval 60 ClientAliveCountMax 3
After making changes, make sure to restart the SSH service to take new changes into effect.
# systemctl restart sshd [On Systemd] # service sshd restart [On SysVinit]
That’s all! Below is a list of useful SSH guides, that you can read:
- How to Configure Custom SSH Connections to Simplify Remote Access
- ssh_scan – Verifies Your SSH Server Configuration and Policy in Linux
- Restrict SSH User Access to Certain Directory Using Chrooted Jail
It is absolutely necessary to auto disconnect inactive SSH sessions due to sever security reasons. To share any thoughts or ask a question, use the comment form below.