What options `ServerAliveInterval` and `ClientAliveInterval` in sshd_config exactly do?

  • I found this question, but I'm sorry I don't quite understand the settings on the two variables ServerAliveInterval and ClientAliveInterval mentioned in the accepted response. If my local server is timing out, should I set this value to zero? Will it then never time out? Should I instead set it to 300 seconds or something?

    My question is simply, some of my connections time out when I suspend & then unsuspend my laptop with the response Write failed: Broken pipe and some don't. How can I correctly configure a local sshd so that they don't fail with a broken pipe?

  • Barthelemy

    Barthelemy Correct answer

    10 years ago

    ServerAliveInterval: number of seconds that the client will wait before sending a null packet to the server (to keep the connection alive).

    ClientAliveInterval: number of seconds that the server will wait before sending a null packet to the client (to keep the connection alive).

    Setting a value of 0 (the default) will disable these features so your connection could drop if it is idle for too long.

    ServerAliveInterval seems to be the most common strategy to keep a connection alive. To prevent the broken pipe problem, here is the ssh config I use in my .ssh/config file:

    Host myhostshortcut
         HostName myhost.com
         User barthelemy
         ServerAliveInterval 60
         ServerAliveCountMax 10
    

    The above setting will work in the following way,

    1. The client will wait idle for 60 seconds (ServerAliveInterval time) and, send a "no-op null packet" to the server and expect a response. If no response comes, then it will keep trying the above process till 10 (ServerAliveCountMax) times (600 seconds). If the server still doesn't respond, then the client disconnects the ssh connection.

    ClientAliveCountMax on the server side might also help. This is the limit of how long a client are allowed to stay unresponsive before being disconnected. The default value is 3, as in three ClientAliveInterval.

    Ok, so I would interpret zero seconds to imply "don't keep alive" which is why it doesn't poll the client/server?

    yup 0 = don't send a null packet. Another different would be that ServerAliveInterval is set in the client config whereas ClientAliveInternal is set in the server config.

    This seems like good advice to prevent idleness causing timeouts, but I don't understand how it relates to the OP question of preventing broken pipes when the client suspends. When asleep, the client would not be able to send a null packet, so surely this setting is moot?

    The ServerAlive portion is, certainly. ClientAliveInterval/ClientAliveCountMax is what would help here.

    This may be bad advice! Having a ServerAliveInterval with clients which suspend could in fact be the cause of the Broken Pipe: The server tries to ping the client while it is away, and eventually drops the connection. When the client resumes, it gets TCP RST packets from the server, translated as broken pipe locally. ClientAliveInterval should do no harm in the suspend scenario.

    Looking back at this old answer, I believe responded to the question in the title and not the question in the second paragraph, hence the comments about ServerAliveInternal not being helpful for suspend, which I agree with. @JonasWielicki ClientAliveInterval could be bad in a case of suspend because the suspended client would not answer the server and the server would eventually disconnect the client after ClientAliveCountMax.

    @Barthelemy Right, I confused Server and Client in my comment. That was my bad.

License under CC-BY-SA with attribution


Content dated before 6/26/2020 9:53 AM