2

On one of our Mac OS X servers, we have set the following in /etc/ssh_config:

# Keep idle connections alive for 10 minutes
Host *
    ServerAliveInterval 600

Two questions:

1) Is this a good way to define a timeout limit for idle connections? http://www.ibm.com/developerworks/aix/library/au-sshsecurity/ suggests ClientAliveInterval instead; but https://unix.stackexchange.com/questions/3026/what-do-the-options-serveraliveinterval-and-clientaliveinterval-in-sshd-conf seems to say that the two ways essentially yield the same result.

2) Does script execution time cut into the idle logout time? E.g., if someone runs a Perl script on the server, and the script takes 5 minutes, will the connection be suspended 5 minutes after the script ends? Put another way: What exactly does it mean for a ssh connection to be idle?

Community
  • 1
Sebastian Sulger
  • 91
  • 6

1 Answers1

1

I believe an idle connection is no keyboard interaction. I have this set on my servers, but if I want to run scripts or processes that take longer, i use screen.

HTH

Kobus

Kobus
  • 57
  • 5
  • Thanks @Kobus. Can you point me towards any online sources that elaborate? Also: Do you use `ClientAliveInterval` or `ServerAliveInterval`? – Sebastian Sulger Dec 09 '15 at 20:34
  • Hi @SebastianSulger I dont really know any online sources, but what is it you need further help with and I can help as much I can? – Kobus Dec 14 '15 at 11:54
  • Since you prefaced your answer with "I believe", I got the impression you were not sure about any of this - so maybe you can point me to some online source that explains some more? – Sebastian Sulger Dec 16 '15 at 12:11
  • Ok I understand, maybe it was just the way i started. Let me try again. I set the timeout not with ssh, but with the TMOUT variable. When I use screen, I have to unset the TMOUT variable which will then cause screen not to timeout at all. I do not have any links, this is just stuff I read in the man pages and from experience. Sorry. – Kobus Dec 17 '15 at 09:49