| Posted by gpl24, 07-07-2008, 05:33 AM | | This may seem a bit obvious to some of you, but:
How long should you be logged into ssh?
I like to use ssh as ftp (sftp) and I have tendencies to (try and be) logged in forever. I like to edit my files live and save them to the server & view them immediately, make any changes if I have to, repeat.
After about 10-15 minutes or so I always get booted & have to reconnect, is this the server telling me to f-off?
Reason I ask: Just came across a post on another forum where someone mentioned "Ideally, you should not be logged into SSH very long. Log in, do your task and logoff."
|
| Posted by activelobby4u, 07-07-2008, 05:37 AM | | checkout sshd_config and confirm whether a timeout is set . Usually by default there is no such timeouts
|
| Posted by gpl24, 07-07-2008, 05:42 AM | | How do I find that config? (Is there a command?)
Also, in cpanel there is "Shell fork bomb protection" - In order to trigger this, does a user need to try and be deceitful and try and overload the memory, or is this just something that happens due to the additional layers of security ssh offers?
|
| Posted by activelobby4u, 07-07-2008, 06:01 AM | | there are several possibilities :
1. ipchains/iptables firewalls can be configured to timeout ssh (and other) sessions.
2. /etc/ssh/sshd_config has a KeepAlive feature that is often commented out by default, that can be set to "yes"
3. you can check one of the /proc settings for tcp timeouts with a command like this:
less /proc/sys/net/ipv4/tcp_keepalive_time
it will probably be around 7200 (i.e. 2 hours)
if you like, you can reset the timeout by echoing to /proc/sys/net/ipv4/tcp_keepalive_time
example:
echo -n 43200 > less /proc/sys/net/ipv4/tcp_keepalive_time
4. there is also a program called "idled" that can be configured to terminate idle connections
5. there are probably other programs that do similar things, you have got to dig it out
|
| Posted by gpl24, 07-07-2008, 06:10 AM | | Oh ok, in your opinion would it be wise to disable any timeout limit (if there is any), is there any drawback to being logged into ssh for an extended period of time?
|
| Posted by activelobby4u, 07-07-2008, 06:12 AM | | leaving the ssh session for a long time is not recommended. However you could increase the timeout value if it is set
|
| Posted by gpl24, 07-07-2008, 06:16 AM | | Ok thank you.
One last question: What is the longest possible ssh session you'd be comfortable with, on your server?
|
| Posted by Ashley Merrick, 07-07-2008, 08:05 AM | | Depends what Im doing, if Im spending a whole day on a VPS Node going through installing upgrading VPS then it might be open for 10+ hours.
Really depends, does not matter belongs you have it open for something, if your not going to be using it for a while and may be walking around from your computer than shut the conection down. Just to be safe, it only takes a few seconds to login again.
|
| Posted by activelobby4u, 07-08-2008, 04:53 AM | | As my business is to work on servers, we usually have sessions open for more than 24 - 48 hours open for tasks such as migration or constant monitoring.
However as a security policy we do make sure that the session is logged out as soon as the task is completed. And additionally if there is some kind of disconnection, we kill the terminal session after re login
So its Basically like "complete your work and logout"
|
|
 Add to Favourites
 Print this Article
|
