What do options `ServerAliveInterval` and `ClientAliveInterval` in sshd_config do exactly?

Question

I found this question, but I'm sorry I don't quite understand the settings on the two variables ServerAliveInterval and ClientAliveInterval mentioned in the accepted response. If my local server is timing out, should I set this value to zero? Will it then never time out? Should I instead set it to 300 seconds or something?

My question is simply, some of my connections time out when I suspend & then unsuspend my laptop with the response Write failed: Broken pipe and some don't. How can I correctly configure a local sshd so that they don't fail with a broken pipe?

Answer 1

ServerAliveInterval: number of seconds that the client will wait before sending a null packet to the server (to keep the connection alive).

ClientAliveInterval: number of seconds that the server will wait before sending a null packet to the client (to keep the connection alive).

Setting a value of 0 (the default) will disable these features so your connection could drop if it is idle for too long.

ServerAliveInterval seems to be the most common strategy to keep a connection alive. To prevent the broken pipe problem, here is the ssh config I use in my .ssh/config file:

Host myhostshortcut
     HostName myhost.com
     User barthelemy
     ServerAliveInterval 60
     ServerAliveCountMax 10

The above setting will work in the following way,

1. The client will wait idle for 60 seconds (ServerAliveInterval time) and, send a "no-op null packet" to the server and expect a response. If no response comes, then it will keep trying the above process till 10 (ServerAliveCountMax) times (600 seconds). If the server still doesn't respond, then the client disconnects the ssh connection.

ClientAliveCountMax on the server side might also help. This is the limit of how long a client are allowed to stay unresponsive before being disconnected. The default value is 3, as in three ClientAliveInterval.

Answer 2

This is explained in sshd_config manual (man sshd_config):

ClientAliveInterval

Sets a timeout interval in seconds after which if no data has been received from the client, sshd will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. This option applies to protocol version 2 only.

ClientAliveCountMax

The default value is 3. If ClientAliveInterval (see below) is set to 15, and ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. This option applies to protocol version 2 only.

For the client options, see the explanation in man ssh_config:

ServerAliveInterval

Sets a timeout interval in seconds after which if no data has been received from the server, ssh will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server. This option applies to protocol version 2 only.

ServerAliveCountMax

The default value is 3. If, for example, ServerAliveInterval is set to 15 and ServerAliveCountMax is left at the default, if the server becomes unresponsive, ssh will disconnect after approximately 45 seconds. This option applies to protocol version 2 only.

Based on above, 0 means it's disabled. Therefore you should set these values high enough to avoid Broken pipe error.

Answer 3

The Answer from Barthelemy is cool but doesn't really get to the root of the problem. You suspend your machine and want the SSH session to be still alive when you boot up your computer.

There is no such configuration for ssh that will keep the connection alive like that. SSH uses TCP, for a start you need the three way handshake and then keep alive after some idle time. When you shutdown/hibernate all your TCP connections are closed with FIN. No way to overcome that.

For a dirty workaround you can use VPS or another online box with screen to keep the connection. My advice don't do that for security reasons.

Answer 4

Since you can't guarantee that an SSH connection (being TCP) will remain alive once one end stops sending ACKs to received packets, I personally use http://www.harding.motd.ca/autossh/ to restart all my SSH connections almost as soon as I unsuspend.

Since GNU Screen will be in use on the server side, re-attaching gets me to where I was before.

You can have it listening on extra ports so that it continually checks the connections are still alive, but personally I find it works well enough with that disabled and just relying on SSH's own ServerAliveInterval / ServerAliveCountMax.

Another option is http://mosh.mit.edu/ which uses UDP and recovers seamlessly from long term lack of connectivity.

Answer 5

Put your long running session inside screen See screen -h for details

That way you can reconnect to the machine using ssh and reattach to the screen session

Answer 6

You could also run commands with nohup if you want them to run regardless of your SSH connection.

e.g.

$ nohup tar -xzf some_huge.tar.gz &

The & is, I think, not necessary, but it is convenient since it makes the process run in the background so you can do other stuff.

I always use nohup for any process that takes awhile, so that I don't have to start over if I lose the connection for whatever reason - power outage (at my remote location, not at the host obviously), network outage, whatever.

Answer 7

This is why Mosh was created:

Mosh (mobile shell)

Remote terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes.

Mosh is a replacement for interactive SSH terminals. It's more robust and responsive, especially over Wi-Fi, cellular, and long-distance links.