SSH (Secure Shell) is used by developers and administrators to connect to remote servers. But often system administrators need to keep track of inactive or idle SSH sessions to their SSH server and disconnect them to save resources and avoid malicious activities. If you keep too many idle connections open, then you are exposing your SSH server to malicious attacks. In this article, we will learn how to disconnect inactive or idle SSH sessions or connections in Linux. It is important to regularly, if not automatically, identify and disconnect idle and inactive SSH connections to secure your system.
How to Disconnect Inactive or Idle SSH Sessions
Here are the steps to disconnect inactive or idle SSH sessions.
1. Open SSH Configuration
Open terminal and run the following command to open SSH configuration file in Linux.
$ vi /etc/ssh/ssh_config
2. Configure Automatic Disconnection of Idle Connections
There are many SSH configuration parameters in configuration file. ClientAliveCountMax defines the number of messages that SSH server sends to SSH client, without receiving a response from client, to check if it is idle or active. Once this limit is reached, the SSH server automatically disconnects the connection. The default value of this parameter is 3.
ClientAliveInterval defines the time interval after which the server sends the above mentioned message to the client. Its default value is 0 meaning no message is to be sent to the client.
Once you have opened the SSH configuration file, update the above two parameters to set timeout values for automatic disconnection. Here is an example where we configure the server to send a message every 60 seconds, up to 3 times, before it triggers automatic disconnection.
ClientAliveInterval 60 ClientAliveCountMax 3
So the total timeout for idle or inactive SSH connection is 180 seconds. Save and close the file.
3. Restart SSH Service
Restart SSH service to apply changes.
# systemctl restart sshd [On Systemd] # service sshd restart [On SysVinit]
In this article, we have learnt how to disconnect inactive or idle sessions. It is important to constantly keep track of idle or inactive SSH connections and disconnect them if not needed to keep your system safe & secure from external attacks.
How to Enable Debugging Mode in SSH
How to Copy Column to Another Column in MySQL
How to Add Header to CSV File Using Shell Script
How to Create Yum Repository in RHEL Using ISO Image
How to Setup Local Yum Repository in RHEL