What is ClientAliveInterval in Ubuntu SSH

This article explains the purpose and functionality of the ClientAliveInterval setting in the Ubuntu Linux SSH configuration. You will learn how this parameter controls idle connection timeouts, how it interacts with the SSH client to maintain or terminate active sessions, and how to configure it on your server.

Understanding ClientAliveInterval

The ClientAliveInterval is a configuration option for the OpenSSH daemon (sshd) in Ubuntu Linux. It defines a timeout interval in seconds. If the SSH server has not received any data from the client during this specified timeframe, it will send an encrypted request through the secure channel asking the client for a response.

By default, this setting is usually disabled or set to 0 on Ubuntu, meaning the server will not send keep-alive messages to the client, and inactive connections may remain open indefinitely or be abruptly closed by network firewalls.

Why is ClientAliveInterval Used?

This setting serves two main purposes:

1. Preventing Connection Dropouts: Many network firewalls and routers automatically terminate idle TCP connections after a certain period of inactivity. By sending periodic “keep-alive” messages, ClientAliveInterval creates artificial traffic that tricks firewalls into keeping the connection open.
2. Reclaiming Server Resources: If a client machine loses internet connectivity or crashes without properly closing the SSH session, the server might keep the session open. ClientAliveInterval helps the server detect these “ghost” connections and terminate them to free up system resources.

How ClientAliveInterval Works with ClientAliveCountMax

To determine when to completely disconnect an unresponsive client, ClientAliveInterval works in tandem with another setting called ClientAliveCountMax.

• ClientAliveInterval: The frequency (in seconds) at which the server sends a keep-alive probe.
• ClientAliveCountMax: The number of consecutive probes the server can send without receiving a response before disconnecting the client.

The total timeout threshold is calculated by multiplying these two values. For example, if you configure:

ClientAliveInterval 120
ClientAliveCountMax 3

The server will send a probe every 120 seconds (2 minutes). If the client fails to respond to three consecutive probes, the server will terminate the connection after 360 seconds (6 minutes) of total inactivity.

How to Configure ClientAliveInterval in Ubuntu

To set or modify this setting on Ubuntu Linux, follow these steps:

1. Open the SSH daemon configuration file with a text editor using administrative privileges:

   sudo nano /etc/ssh/sshd_config

2. Locate the line containing ClientAliveInterval. If it is commented out with a # symbol, remove the #. If it does not exist, scroll to the bottom of the file and add it. Set your desired value in seconds:

   ClientAliveInterval 300
   ClientAliveCountMax 3

   (This example keeps the connection alive for up to 15 minutes of inactivity).

3. Save the file and exit the editor (in Nano, press Ctrl+O, Enter, then Ctrl+X).

4. Restart the SSH service to apply the changes:

   sudo systemctl restart ssh