LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-31-2007, 02:28 AM   #1
pinoyskull
Member
 
Registered: Jan 2005
Location: server farm
Distribution: CentOS 5.7
Posts: 59

Rep: Reputation: 15
disconnect idle ssh sessions


Hi,

Is there a better way to disconnect idle ssh clients, what I did is to look for the PID of the idle session then kill it. If you have a better way of doing it.

Idle ssh sessions that I encounter usually has an idle time of 1 day above.
 
Old 10-31-2007, 04:33 AM   #2
keratos
Member
 
Registered: May 2007
Location: London, UK.
Distribution: Major:FC8. Others:Debian;Zenwalk; Arch; Slack; RHEL.
Posts: 544

Rep: Reputation: 30
Add these lines to your ssh config file (sshd is the daemon for ssh) usually /etc/ssh/sshd_config. (not sure about fedora!)

ClientAliveInterval <time interval in seconds>
ClientAliveCountMax 0

Restart sshd (try the command "service sshd reload" as root)

Code:
From the sshd_config manpage:

     ClientAliveInterval
             Sets a timeout interval in seconds after which if no data has
             been received from the client, sshd will send a message through
             the encrypted channel to request a response from the client.  The
             default is 0, indicating that these messages will not be sent to
             the client.  This option applies to protocol version 2 only.

Example (send "keep alive" messages every 5 minutes) on Red Hat Linux:

1. Add ClientAliveInterval 300 to /etc/ssh/sshd_config

2. Reload the sshd server configuration with /sbin/service sshd reload

Note: you may want to configure the ClientAliveCountMax value in sshd_config to set the number of times that "keep alive" messages are sent. If ClientAliveCountMax number of "keep alive" messages are not acknowledged by the ssh client, the connection is terminated by the ssh server. The default value of 3 should be sufficient for most users.

Last edited by keratos; 10-31-2007 at 04:35 AM.
 
Old 11-03-2007, 01:45 AM   #3
pinoyskull
Member
 
Registered: Jan 2005
Location: server farm
Distribution: CentOS 5.7
Posts: 59

Original Poster
Rep: Reputation: 15
keratos

tried that method but idle ssh sessions still wont disconnect
 
Old 11-03-2007, 04:18 AM   #4
keratos
Member
 
Registered: May 2007
Location: London, UK.
Distribution: Major:FC8. Others:Debian;Zenwalk; Arch; Slack; RHEL.
Posts: 544

Rep: Reputation: 30
Is your client sending a "keep alive" to the ssh server.

I cant think of anything else, sorry?
 
Old 11-03-2007, 04:35 AM   #5
pinoyskull
Member
 
Registered: Jan 2005
Location: server farm
Distribution: CentOS 5.7
Posts: 59

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by keratos View Post
Is your client sending a "keep alive" to the ssh server.

I cant think of anything else, sorry?
those users whose ssh session did not disconnect on the remote servers are using putty for windows, which after they logout the putty program is closed.
 
Old 11-04-2007, 03:03 AM   #6
keratos
Member
 
Registered: May 2007
Location: London, UK.
Distribution: Major:FC8. Others:Debian;Zenwalk; Arch; Slack; RHEL.
Posts: 544

Rep: Reputation: 30
putty can be (and usually is) configured to send "keep-alives".

Did you check this?
 
Old 11-06-2007, 07:54 PM   #7
pinoyskull
Member
 
Registered: Jan 2005
Location: server farm
Distribution: CentOS 5.7
Posts: 59

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by keratos View Post
putty can be (and usually is) configured to send "keep-alives".

Did you check this?
yeah, it is configured to send "keep-alives" but when you close putty, should it still send "keep-alives"?
 
Old 11-07-2007, 06:49 AM   #8
keratos
Member
 
Registered: May 2007
Location: London, UK.
Distribution: Major:FC8. Others:Debian;Zenwalk; Arch; Slack; RHEL.
Posts: 544

Rep: Reputation: 30
No

not unless it is still running or something else is sending keepalives.

something MUST be using the connection.

check your IP traffic on your host - something must be sending traffic down the line.
 
Old 11-08-2007, 11:16 PM   #9
pinoyskull
Member
 
Registered: Jan 2005
Location: server farm
Distribution: CentOS 5.7
Posts: 59

Original Poster
Rep: Reputation: 15
here's the screenshot
http://i20.photobucket.com/albums/b2...reenshot-3.png
as you can see those sessions which are idle for days should be disconnected already since no more ssh client are open on their pc.
 
Old 11-09-2007, 12:26 AM   #10
pinoyskull
Member
 
Registered: Jan 2005
Location: server farm
Distribution: CentOS 5.7
Posts: 59

Original Poster
Rep: Reputation: 15
after digging the internet for possible solutions, I finally got one and it works

i added TMOUT=300 to /etc/bashrc to disconnect users which are idle for 5 minutes
 
Old 11-09-2007, 03:10 AM   #11
keratos
Member
 
Registered: May 2007
Location: London, UK.
Distribution: Major:FC8. Others:Debian;Zenwalk; Arch; Slack; RHEL.
Posts: 544

Rep: Reputation: 30
Quote:
Originally Posted by pinoyskull View Post
here's the screenshot
http://i20.photobucket.com/albums/b2...reenshot-3.png
as you can see those sessions which are idle for days should be disconnected already since no more ssh client are open on their pc.
that looks like a screenshot of a "top" command, and not an IP traffic analyser.

Putting the timeout in a bashrc is extreme as it will disconnect at the client end rather than the server end. But if you are happy with this , fine , I personally would find out what the issue is and fix it correctly.

Closing down login shells just to disconnect from the ssh server is extreme in my view and may shut users down who are not even using ssh and they will wonder why? Not the sort of thing a good sysadmin would do, in my humble view.
 
Old 11-09-2007, 03:23 AM   #12
pinoyskull
Member
 
Registered: Jan 2005
Location: server farm
Distribution: CentOS 5.7
Posts: 59

Original Poster
Rep: Reputation: 15
From what i read, bashrc tmout setting will only disconnect idle sessions of telnet and ssh and nothing more, by the way that is not "top" that is "w".
 
Old 11-09-2007, 03:29 AM   #13
keratos
Member
 
Registered: May 2007
Location: London, UK.
Distribution: Major:FC8. Others:Debian;Zenwalk; Arch; Slack; RHEL.
Posts: 544

Rep: Reputation: 30
Incorrect!!!

http://www.gnu.org/software/bash/manual/bashref.html

search for "TIMEOUT" - its all there!

and top / w , not too much difference , generally process/user related , I can't get excited about the difference suffice to say it IS NOT as I proposed you obtain, which was a list of IP traffic and sink/sources to establish what and who is sending, if at all, keepalives to the ssh server.

Anyway, you're happy now.

Byeeeeee
 
Old 11-09-2007, 03:56 AM   #14
pinoyskull
Member
 
Registered: Jan 2005
Location: server farm
Distribution: CentOS 5.7
Posts: 59

Original Poster
Rep: Reputation: 15
so, what do you think are affected by bashrc's tmout setting aside from your shell?
 
Old 11-09-2007, 04:27 AM   #15
keratos
Member
 
Registered: May 2007
Location: London, UK.
Distribution: Major:FC8. Others:Debian;Zenwalk; Arch; Slack; RHEL.
Posts: 544

Rep: Reputation: 30
Quote:
Originally Posted by pinoyskull View Post
so, what do you think are affected by bashrc's tmout setting aside from your shell?
Why of course, any application that is invoked from or through the shell.

As stated above, in my humble view, killing the shell this way is not what a sysadmin would probably do. Its an overkill. Any user who is dropped into a bash shell will find themselves mysteriously logged out after "a period of inactivity".

If I were a sysadmin, I would wonder why anyone had took a sledgehammer to a nut in this way.
 
  


Reply

Tags
ssh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH disconnect, connect to process briel Linux - General 2 11-24-2006 04:32 PM
SSH on LAN - server disconnect geek745 Linux - Networking 13 02-28-2006 04:28 PM
Keep running a command when disconnect from SSH stuartornum Linux - General 3 02-17-2006 10:19 PM
How do disconnect Idle users?? noodle123 Linux - Newbie 2 07-29-2002 08:31 PM
Disconnect after 2 hrs on idle bernstar77 Linux - Networking 0 11-26-2001 01:37 PM


All times are GMT -5. The time now is 07:51 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration