Ubuntu SSH connections don’t close

Tags: ssh, timeout, Ubuntu

We have a connection to one of our servers from an external party. This party logs in using sftp and uploads some files. The sessions are not closed by that party and they don't know how to get that done (it's a Windows server and apparently the scripts they are using do not support it).

Now the server crashed last week because it was low in memory. After some searching I found out there were 2500 SSH connections (some a couple of months old). Each taking up just a little bit of memory, but together it crashed the server. I killed them all and now it is running smoothly.

How can I prevent this from happening again? I would like to have all sessions be killed after a couple of hours. Is that possible from the server side or should I create a script for that myself?

A lot has been written about SSH timeouts, but all solutions are client side.

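EDIT: For now I have created this script which runs every night:

    # Replace [USERNAME] with the account name before running.
    # Count the matching processes, excluding the grep process itself.
    count=$(ps aux | grep [USERNAME] | grep -v grep | wc -l)
    echo "Found $count processes"

    for i in $(seq $count)
    do
        echo "kill $i"
        # Kill the first remaining match; the PID is column 2 of `ps aux`.
        kill -9 $(ps aux | grep [USERNAME] | grep -v grep | head -n 1 | tr -s ' ' | cut -f 2 -d ' ')
    done
    service ssh restart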

You need to replace [USERNAME] with the logged in user. It will kill all processes of this user, but in my case there are only SSH connections running for this user.

Best Answer

Edit your SSH Server's config file to include

    ClientAliveInterval 600
    ClientAliveCountMax 0

This will disconnect all idle clients after 10 minutes (600 seconds).

Quoting the manual:

ClientAliveCountMax

Sets the number of client alive messages (see below) which may be sent without sshd(8) receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. [...]

The default value is 3. If ClientAliveInterval (see below) is set to 15, and ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. This option applies to protocol version 2 only.

ClientAliveInterval

Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. This option applies to protocol version 2 only.
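
For the question's goal of ending sessions after a couple of hours, here is an added example (not code from the question or the answer) that selects only one account's sshd session processes older than a cutoff, rather than every process matching the name. It assumes procps-ng `ps`, which provides the `etimes` column; the function names, the account `uploader` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# stale_sshd_pids USER MAX_AGE_SECONDS
# Reads lines shaped like `ps -eo pid=,etimes=,user=,args=` on stdin and
# prints the PIDs of USER-owned sshd session processes older than the cutoff.
stale_sshd_pids() {
    awk -v user="$1" -v max="$2" '
        # $1 = PID, $2 = elapsed seconds, $3 = owner, $4.. = command line
        $3 == user && $4 == "sshd:" && $2 + 0 > max + 0 { print $1 }
    '
}

# Constructed sample input (not real output); "uploader" is an assumed account.
sample_ps() {
    cat <<'EOF'
  812 5184000 root     sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
 2201 5100000 root     sshd: uploader [priv]
 2210 5100000 uploader sshd: uploader@notty
 2211 5100000 uploader /usr/lib/openssh/sftp-server
 9901     120 root     sshd: uploader [priv]
 9907     120 uploader sshd: uploader@notty
 9950    9000 other    sshd: other@pts/0
EOF
}

# Live use from cron (assumes procps-ng ps and GNU xargs):
#   ps -eo pid=,etimes=,user=,args= | stale_sshd_pids uploader 7200 | xargs -r kill
```

Matching on owner, command and age leaves the listener, other users' sessions and recent uploads untouched, so no `service ssh restart` is needed afterwards.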