SSH超时断线问题解决记录

Posted by fishcried on July 11, 2014

原理

这是一个很简单的问题。可以有两种方式解决:

  1. 修改客户端
  2. 修改服务器 修改客户端的方式较多,因为你不能指定用户使用特定的客户端。那么就修改服务器吧。 只要配置/etc/ssh/sshd_configClientAliveIntervalClientAliveCountMax即可.
man sshd_config
...
ClientAliveCountMax
             Sets the number of client alive messages (see below) which may be
             sent without sshd(8) receiving any messages back from the client.
             If this threshold is reached while client alive messages are
             being sent, sshd will disconnect the client, terminating the ses‐
             sion.  It is important to note that the use of client alive mes‐
             sages is very different from TCPKeepAlive (below).  The client
             alive messages are sent through the encrypted channel and there‐
             fore will not be spoofable.  The TCP keepalive option enabled by
             TCPKeepAlive is spoofable.  The client alive mechanism is valu‐
             able when the client or server depend on knowing when a connec‐
             tion has become inactive.

             The default value is 3.  If ClientAliveInterval (see below) is
             set to 15, and ClientAliveCountMax is left at the default, unre‐
             sponsive SSH clients will be disconnected after approximately 45
             seconds.  This option applies to protocol version 2 only.
ClientAliveInterval
             Sets a timeout interval in seconds after which if no data has
             been received from the client, sshd(8) will send a message
             through the encrypted channel to request a response from the
             client.  The default is 0, indicating that these messages will
             not be sent to the client.  This option applies to protocol ver‐
             sion 2 only.
...

脚本

file: alivessh.sh:

#!/bin/bash
#
# The MIT License (MIT)
# Copyright (c) 2014 neunn (wangtq@neunn.com)
# 2014-07-11 
#

CONFIG_FILE="/etc/ssh/sshd_config"
TIMEOUT=60
COUNTMAX=10

test $UID != 0 && echo "Please use root" && exit 1

sed -i '/^[[:space:]]*ClientAliveInterval.*$/d' $CONFIG_FILE
sed -i '/^[[:space:]]*ClientAliveCountMax.*$/d' $CONFIG_FILE

echo "ClientAliveInterval $TIMEOUT" >> $CONFIG_FILE
echo "ClientAliveCountMax $COUNTMAX" >> $CONFIG_FILE

echo "Add config to $file successu"

echo "Restart ssh service"
service ssh restart
exit 0

验证

ssh -v  u@ip
debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1

或者抓包,查看网络

变更记录

Why Who When
Create fishcired 2014-07-11