SSHD Timeout

Published September 11, 2004

As I'm sure many of you know, one of the features I'm working on for v3.5 is integrated SFTP support. One of the few remaining issues with the support is its behavior on connection timeout. The problem is that all of the servers I have access to seem to have long timeouts and it is a real pain to have to wait for them to timeout. So, I've been trying to figure out how to configure the built in ssh in OS X so I can test on localhost, and have the timeout be 1 minute or something like that.

It was pretty simple to get it basically working, but unfortunately, I have not been able to figure out the timeout bit yet. Here is what I've tried:

  • Editing my ssh configuration files (~/.ssh/config), trying first IdleTimeout 60s, then ClientAliveInterval 60s with ClientAliveMaxCount 1. Both of these caused ssh to not function, with an invalid configuration message.
  • Adding those options to the system configuration file (/etc/ssh_config), just in case. Same results
  • Editing the ssh configuration in /etc/xinetd.d/ssh, as OS X seems to run sshd and other services through xinetd. Wasn't sure what to do here, so just added the same options as command-line arguments. Didn't get invalid configuration, but still didn't work
  • Running sshd standalone. It doesn't work out of the box, but with some work I may be able to get it working. This will be my next step.

At this point I'm pretty frustrated, so before proceeding, I figured I'd see if any readers had any tips. Thanks in advance.

Update: Thanks to Jeff, who figured out I was editing the wrong file (ssh_config rather than sshd_config). Editing sshd_config allows me to add the options (ClientAliveInterval and ClientAliveCountMax), but I still see no timeout behavior. My connection is not terminated, and commands are still allowed a significant time after timeout should have occurred.
Categories: skEdit

/etc/ssh_config is the ssh *client* config. You want /etc/sshd_config, unless you just mistyped when authoring this post.

Jeff Hunter on September 11, 2004 #

Ah, I'm stupid. Somehow I kept reading ssh_config where articles were saying sshd_config, and I didn't see the sshd_config file in /etc. It now allows me to add the appropriate configuration options (ClientAliveInterval and ClientAliveCountMax). However, I'm not seeing any timeout behavior at all. The threshold passes, nothing happens, and commands still function.

Sean Kelly on September 12, 2004 #

You've got it all wrong.

the point of clientaliveinterval is to STOP routers from timing out your connection, not to CAUSE timeouts.

It causes the server to send keepalives to the client, and, if the client doesn't respond to them, then terminate the idle connection.

TO actually cause ssh sessions to timeout, use an idle account kicker. SSHD will not time out a validly connected client ever. It relies on the account management features of the OS to perform it's idle kicking.

CHuck on November 18, 2005 #

Add Comment

All fields except URL are required. No HTML is allowed. If comment does not appear immediately, it has been marked for moderation.

Name:
Email:
URL: