How to Increase SSH Connection Timeout in Linux

Secure Shell (SSH) is a widely used protocol for accessing remote systems securely over an insecure network. When establishing an SSH connection, there is a timeout value that determines how long the connection can remain idle before being closed. This mechanism prevents unauthorized access but can be inconvenient during extended work sessions.

The SSH connection timeout is essential for security, but it can be a hassle when working on remote systems for extended periods. This article discusses how to increase the SSH connection timeout in Linux through various configuration methods.

Understanding SSH Connection Timeout

The SSH connection timeout is the period of inactivity after which the SSH server terminates the connection. By default, most SSH servers have a connection timeout of 15 minutes. This timeout prevents unauthorized access but may be insufficient for tasks requiring long periods of inactivity, such as downloading large files or running lengthy processes.

Two key parameters control SSH timeouts:

• ClientAliveInterval Time interval (in seconds) after which the server sends keep-alive messages

• ClientAliveCountMax Number of unanswered keep-alive messages before terminating the connection

Server-Side Configuration Method

To increase the SSH connection timeout, modify the sshd_config file on the remote system. This approach affects all SSH connections to that server.

Step 1: Access the Remote System

ssh username@remote-system-ip

Step 2: Edit the SSH Configuration File

sudo nano /etc/ssh/sshd_config

Step 3: Configure Timeout Parameters

Locate and modify the following parameters. If they don't exist, add them:

ClientAliveInterval 600
ClientAliveCountMax 6

This configuration sends keep-alive messages every 10 minutes (600 seconds) and allows up to 6 unanswered messages, resulting in a 60-minute timeout period.

Step 4: Restart the SSH Service

sudo systemctl restart sshd

Client-Side Configuration Methods

You can also configure timeout settings on the client side, which affects only your connections.

Method 1: Using ServerAlive Parameters

Add the following to your SSH client configuration file (~/.ssh/config):

Host *
   ServerAliveInterval 600
   ServerAliveCountMax 6

Method 2: Using SSH ControlMaster

The ControlMaster option reuses existing connections, reducing connection overhead:

Host *
   ControlMaster auto
   ControlPath ~/.ssh/%r@%h:%p
   ControlPersist 600

Method 3: Command-Line Options

You can specify timeout settings directly when connecting:

ssh -o ServerAliveInterval=600 -o ServerAliveCountMax=6 username@remote-system-ip

Comparison of Configuration Methods

Testing SSH Connection Timeout

To verify your configuration changes:

1. Establish an SSH connection to the remote system

2. Leave the connection idle for your configured timeout period

3. Verify the connection remains active beyond the previous timeout limit

You can also check active SSH connections and their idle time:

who -u
netstat -tnpa | grep :22

Security Considerations

• Balance security and convenience Longer timeouts increase security risks, especially for internet-accessible systems

• Use reasonable timeout values Avoid excessively long timeouts that could compromise security

• Monitor connections Regularly review active SSH sessions and terminate unused ones

• Implement additional security measures Use key-based authentication, disable root login, and restrict user access

Troubleshooting Common Issues

If timeout configuration isn't working:

• Verify syntax in configuration files using sshd -t

• Check if firewall or NAT devices have their own timeout settings

• Ensure the SSH service restarted successfully after configuration changes

• Test with verbose output: ssh -v username@remote-system-ip

Conclusion

Increasing SSH connection timeout in Linux can be accomplished through server-side or client-side configuration methods. While longer timeouts improve user experience for extended sessions, they must be balanced with security considerations. Choose the appropriate method based on your access requirements and administrative privileges.