The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSHD Configuration Help.

Discussion in 'General Discussion' started by PCZero, Feb 3, 2015.

  1. PCZero

    PCZero Well-Known Member

    Joined:
    Dec 13, 2003
    Messages:
    526
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Earth
    I have no idea if what want to do is possible. I have tried working with the following parameters but they do not seem to satisfy the objective...

    TCPKeepAlive
    ClientAliveInterval
    ClientAliveCountMax


    I often work with my SSH client running in one window as I multitask in another. At times, the SSH connect will timeout and I have to log back in. I would like to have things set up so I get a visual (or even more preferable audible) warning when the connect is about to expire so I can switch to the SSH window and manually keep it alive.

    1) Is this possible?
    B) If it is possible, how may I set it up?
    iii) I need a shrubbery!
     
  2. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    865
    Likes Received:
    9
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    The following usually works for me:
    On the client side cd to root and edit /etc/ssh/ssh_config ( Note NOT /etc/ssh/sshd_config )
    Find the *host entry and add this:
    ServerAliveInterval 300
    ServerAliveCountMax 3

    Restart ssh service.
     
    #2 kernow, Feb 3, 2015
    Last edited: Feb 3, 2015
  3. PCZero

    PCZero Well-Known Member

    Joined:
    Dec 13, 2003
    Messages:
    526
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Earth
    My server is the only thing that has /etc/ssh/ssh_config, my local machine is a W7 box. So can't edit anything here. I tried adding the lines in question to the file in question on the server and then running service sshd restart but it made no difference in my connections even after logging out/in. I am still timed out w/o notice.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Do you use a specific SSH client for Windows (e.g. Putty)? If so, you should be able to alter the timeout settings in the client to prevent this from happening.

    Thank you.
     
  5. PCZero

    PCZero Well-Known Member

    Joined:
    Dec 13, 2003
    Messages:
    526
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Earth
    Michael that is not exactly what I want to do. I use SecureCRT but I don't merely want to adjust the timeout I want to be warned before the timeout is executed if I am working in another window when the threshold is hit.
     
  6. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    865
    Likes Received:
    9
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    You have a windoze box? are they still going? :D
    Ok then, on your server edit /etc/ssh/sshd_config ( yes sshd_config ) and add:

    ServerAliveInterval 300
    ServerAliveCountMax 3

    Restart ssh service.
     
  7. PCZero

    PCZero Well-Known Member

    Joined:
    Dec 13, 2003
    Messages:
    526
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Earth
    Tried that and got this on restart...

    Starting sshd:
    /etc/ssh/sshd_config: line 129: Bad configuration option: ServerAliveInterval
    /etc/ssh/sshd_config: line 130: Bad configuration option: ServerAliveCountMax
    /etc/ssh/sshd_config: terminating, 2 bad configuration options
     
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello,

    While I do understand that you'd like to receive an alert about the timeout, I am uncertain why you wouldn't simply use this option in SecureCRT to avoid any timeout happening:

    Keep SecureCRT SSH Sessions from Disconnecting

    This would prevent the issue entirely for a timeout as periodic packets to the window (every 60 or whatever seconds) to avoid a timeout in the first place. Is there a reason that a timeout must exist rather than using this method in the program being used? It would solve the issue entirely from happening.

    Thanks!
     
  9. PCZero

    PCZero Well-Known Member

    Joined:
    Dec 13, 2003
    Messages:
    526
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Earth
    I want the notification and a required manual response form me so that if I walk away form my desk while in an SSH session, the timeout will close the connect rather than leave it open unattended. If I simply use the feature within the SecureCRT environment, the conenct stays alive with no concern as to whether I am actually sitting here at my desk or not.
     
  10. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    The issue is that I don't believe what you want is possible to have happen. You are welcome to contact SecureCRT to ask if that client application provides any type of option that might do this, but there is nothing in sshd_config server-side that will send an alert before the disconnection to warn you.

    This is SecureCRT's support area (which appears to provide free support even during the evaluation):

    Terminal Replacement Program Support-Strong Encryption Support Updates
     
  11. PCZero

    PCZero Well-Known Member

    Joined:
    Dec 13, 2003
    Messages:
    526
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Earth
    Drat... I was hoping that the parameters we had been discussing would offer that. I do see a session parameter in Secure CRT for audio bell (and visual bell as well) but the documentation is sketchy at best. I do find that this functionality is not present to be a security weakness (from an IT audit point of view anyway). Thank you for the answer. I will continue to research this. Any additional input is welcome.
     
Loading...

Share This Page