SSH Frequently Asked Questions

How can I stop my SSH session from timing out after it's been inactive for a while?

This problem is actually not usually due to SSH, but rather to an intervening network device, often a NAT gateway or firewall. These devices keep track of TCP flows and time them out after a period of inactivity, for reasons of security or resource consumption. OpenSSH does not have an idle-timeout feature. SSH1, Tectia, and VShell do, but the feature is off by default.

When searching for solutions to this problem, people are often first attracted to the TCP "KeepAlive" feature found in most SSH servers. This is understandable given the name, but this feature is actually not an appropriate (or effective) way to deal with the problem. It is not a feature of SSH per se, but rather a feature TCP which SSH will enable if desired. Its real purpose is not to keep a connection "alive" in the sense we mean it now (which was not a concern when the feature was conceived), but rather to detect half-dead connections and prevent them from building up over time, usually on the server side. The behavior and timing of the probe messages used for TCP keepalive are not effective for solving the modern problem. Instead, you can use the OpenSSH ClientAliveInterval or ServerAliveInterval features. These send periodic probe messages through the SSH protocol itself, and at an interval you can adjust to avoid the problem timeout.

Of course, a low tech solution, at least for interactive sessions, is to just arrange for some text to be sent every once in a while — e.g., having Emacs display the time, so it changes once per minute.