SUSE Support

Here When You Need Us

Clarification of sshd ClientAlive* settings

This document (000021602) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 12

Situation

In the man page for sshd_config ('man 5 sshd_config') the ClientAliveInterval and ClientAliveCountMax are discussed.
 
From the man page :
ClientAliveCountMax
Sets the number of client alive messages which may be sent without sshd(8) receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session.
...
The default value is 3. If ClientAliveInterval is set to 15, and ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. Setting a zero ClientAliveCountMax disables connection termination.
The immediate interpretation could be that after the last received client message, a connection would be terminated after ClientAliveInterval * ClientAliveCountMax seconds.  However, this is incorrect.

Resolution

Referring to the above settings, the connection is terminated 45 seconds AFTER sending the first client alive message that receives no response.  However, since the first client alive message is sent after ClientAliveInterval seconds of client inactivity, this results in:

ClientAliveInterval + (ClientAliveInterval * ClientAliveCountMax) seconds since the last successful communication.

Applying the above settings, this effectively means that the connection is terminated 15 + (15 * 3) seconds = 60 seconds.

Additional Information

It should also be emphasized that saying "the last client message or activtity" is not equivalent to saying "the last user message or activity".  Client Alive packets get answered silently by the ssh client code.  Even if the user is idle, the client code can be responsive, and can answer Client Alive packets.  In other words, the Client Alive mechanism is not intended to check on user idleness.  It is a check on successful communication between the client and server.  The Client Alive mechanism essentially detects if the client has died or if the network between server and client is no longer delivering packets.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021602
  • Creation Date: 28-Oct-2024
  • Modified Date:28-Oct-2024
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community
tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Support FAQ
tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center