Logging out of your server is not something you may automatically think of doing, especially if you're in the middle of doing something else. As a result you may find yourself still logged in to your server sometime later when you're closing all those StackOverflow tabs! Like most software, SSH comes with a session timeout ability built in, keep on reading and we'll show you how to get it configured.
Before we dive into how to set this up, it's worth understanding first how it all works. SSH connections are made up by the client side (your computer) and the server side and both sides have different ways of detecting idle connections.
Server side connections via SSH essentially have an ecrypted channel in the background that the server uses to contact the client and ask "hey are you still there?", the SSH window on your computer will then reply and confirm it is. This means that you can leave an SSH connection open in the background and it can stay connected all day. If you turn your computer off or put it to sleep without disconnecting, the server side will not receive a response from those messages. If nothing is configured, you can find that you may be able to turn on or wake up your computer and still be connected via SSH.
To combat this, we can instruct the server to disconnect any connection if it sends a certain number of messages without receiving any response.
The issue with server side timeouts, is that you may not want a user to be able to keep an SSH connection open all day! You may simply want a user to be disconnected after 5 minutes if no command has being run. Sadly there isn't an actual option with SSH for this however we can use the
TMOUT variable in bash to create the same effect by defining it in the global bashrc file.
To set up the server side SSH timeouts, you'll first need to SSH onto your server as root, or a user with sudo access. Once in, open
/etc/ssh/sshd_config in your preferred editor (I'm using nano for this tutorial) with sudo access.
sudo nano /etc/ssh/sshd_config
In that file, search for
ClientAliveCountMax. They may be commented out with a hash symbol, if they are, remove the hash symbol.
ClientAliveInterval is the number of seconds between each of those messages and
ClientAliveCountMax is the number of messages to send without receiving a response before it disconnects. So essentially the session timeout is
Configuring the options as follows would result in a timeout of 10 minutes.
ClientAliveInterval 300 # 5 minutes ClientAliveCountMax 2 # 2 times
# alternatively you could achieve the same result with ClientAliveInterval 600 # 10 minutes ClientAliveCountMax 1 # 1 time
Once you have the options set for your use case, save the file (if you're using nano it's CTRL + X followed by 'Y' to confirm and then enter). Then simply restart the SSH daemon to activate the changes.
sudo service sshd restart
As mentioned above, client side timeouts can be handled by configuring the
TMOUT bash variable. You may be used to setting variables inside a single users bashrc file, but that would only work if you logged in as that user. Instead, we'll set the variable in the global bashrc file, so it will affect every user.
Note, this timeout will also affect interactive shells, so if you start an interactive shell but then don't do anything, your connection may be terminated.
To configure client side timeouts, SSH into your server as root, or a user with sudo access. Once in, open
/etc/bash.bashrc in your preferred editor with sudo access.
sudo nano /etc/bash.bashrc
Scroll to the bottom of the file and then add the following lines.
TMOUT=300 readonly TMOUT export TMOUT
Amend the value of
TMOUT to set a value suitable for your use case, as with the server options, this value is in seconds so the above example with log you out after 5 minutes of inactivity. Once you've set the desired value, save and close file (nano: CTRL + X followed by 'Y' to confirm and then enter).
As with changes to your users bashrc file, you will need to restart your session for the settings to take affect. You can simply close your SSH connection and reconnect, now if you don't do anything in your connection, it will automatically close after the configured number of seconds.
ServerAuth provides a whole host of management tools, from controlling who can access your server, to adding cron jobs, securing your servers and installing packages. And with an ever growing suite of tools you'll always be one step ahead!Start for free