How to Prevent SSH Timing out from Server and Client


As a system administrator you manage Linux servers, and some others may have their own virtual private server (VPS). In some cases you will need to spend a lot of time on an SSH connection to resolve issues and do routine work on the command line. Some of you may have encountered an annoying issue where your session is disconnected after a period of inactivity.

An SSH connection that is inactive or idle is usually disconnected by the server after a specified period of time. This depends on the configuration of the SSH server (remote server) or the SSH client. After the connection is cut, the SSH client or PuTTY will show a message saying SSH timed out or connection closed, or a message similar to the one below :

Read from remote host www.ehowstuff.com: Connection reset by peer
Connection to www.ehowstuff.com closed

In order to prevent SSH timing out from the server, you need to configure /etc/ssh/sshd_config or /etc/ssh/ssh_config. If both ServerAliveInterval and ClientAliveInterval are left at 0 (the default), these features are disabled, so your connection could drop if it is idle for too long. This article will

For reference, I will explain how you can stop and prevent SSH timing out from the server and the client. These steps have been tested on CentOS 6 / CentOS 7 / RHEL 6 / RHEL 7 / Oracle Linux 6 / Oracle Linux 7.

What is /etc/ssh/sshd_config ?

sshd_config is a system configuration file for OpenSSH which allows you to set options that modify the operation of the daemon (SSH server/service).

What is /etc/ssh/ssh_config ?

ssh_config is a system configuration file for OpenSSH which allows you to set options that modify the operation of the Linux client programs. If you are running a Windows client program, you should configure it in the PuTTY client.

Option 1 : How to Prevent SSH Timing out from OpenSSH Server :

a) As a root user, open sshd_config file :

# vi /etc/ssh/sshd_config

b) Find the ClientAliveInterval option and set it to 60 (in seconds), or add it if it is not there.

ClientAliveInterval 60

Note : ClientAliveInterval: number of seconds that the server will wait before sending a null packet to the client (to keep the connection alive).

c) Restart sshd daemon :
In CentOS 7 / RHEL 7

# sudo systemctl restart sshd.service

In CentOS 5/6 / RHEL 5/6

# service sshd restart

In the above example, we set a timeout interval of 60 seconds: after that much idle time (that is, if no data has been received from the client), the SSH server will send a message through the encrypted channel to request a response from the client. If there is no response, the SSH server will let the SSH client exit (time out) automatically.

Option 2 : How to Prevent SSH Timing out from Linux OpenSSH Client :

a) As a root user, open ssh_config file :

# vi /etc/ssh/ssh_config

b) Find the ServerAliveInterval option and set it to 60 (in seconds), or add it if it is not there.

ServerAliveInterval 60

Note : ServerAliveInterval: number of seconds that the client will wait before sending a null packet to the server (to keep the connection alive).

In the above example, we set a timeout interval of 60 seconds: after that much idle time, the SSH client will send a message through the encrypted channel to request a response from the server, so that the server won’t disconnect the client.

Option 3 : How to Prevent SSH Timing out from Windows Putty Client :

a) Open PuTTY
b) Click on the Connection tab
c) Check the box for Enable TCP keepalives (SO_KEEPALIVE option)
d) Enter the number of seconds between keepalives.


Conclusion

All of the above settings will let the server or client send a packet to its partner every 60 seconds. After the configuration is done, the SSH connection will remain active even if the user is idle and does not perform any activity at the command line.


How to Secure OpenSSH (SSHD) on Linux

OpenSSH is an open source alternative to the proprietary Secure Shell software. It is also the set of SSH connectivity tools that allows you to log in remotely and transfer files via scp or sftp. OpenSSH options are controlled through the /etc/ssh/sshd_config file. In order to improve OpenSSH server security, certain default sshd settings need to be changed. This post will show you three examples to secure OpenSSH (SSHD) on Linux. These steps have been tested on CentOS 6.3 and may work on CentOS 6.2, CentOS 5.x, Red Hat Enterprise Linux 5 (RHEL 5) and Red Hat Enterprise Linux 6 (RHEL 6).

1. Change SSH Default Port :

By default SSH runs on port 22. A hacker would need to know the SSH port number in order to access your system. One method to improve security is to change the default port to a non-standard port. That would help to stop brute force attacks.

#Port 22

Uncomment and change to :

Port 2202

2. Disable Root Login (PermitRootLogin) :

Edit the following entry in sshd_config to prevent root from logging in to the server directly.

#PermitRootLogin yes

Uncomment and change to :

PermitRootLogin no

3. Listen on Specific IPs Only :

By default sshd listens on all of the server's IP addresses. If you want users to log in only via the IP addresses 192.168.1.200 and 192.168.1.202, add the following to your sshd_config :

ListenAddress 192.168.1.200
ListenAddress 192.168.1.202

How to Enable a Warning SSH Banner on CentOS 6.3

This post covers the quick steps to enable a warning SSH banner on CentOS 6.3. The steps may be similar on other versions of CentOS and Red Hat Enterprise Linux. The purpose of this banner is to show a message or warning when an SSH session is connected and before authentication. Follow these steps :

1. Create a /etc/banner file and fill it with your desired message as below :

[root@centos63 ~]# vi /etc/banner

Add the following :

Warning!! Only authorized System Administrator can access to this system..

2. Edit /etc/ssh/sshd_config and change the following :

..
..
# no default banner path
#Banner none
..
..

to

..
..
# default banner path
Banner /etc/banner
..
..

3. Restart sshd service :

[root@centos63 ~]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

4. Log in again over SSH; the banner is displayed when the session connects, before authentication.
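
The directives set in the sections above (ClientAliveInterval for the timeout, then Port, PermitRootLogin, ListenAddress and Banner) can be checked in one pass. The script below is an added example, not code from the original articles; the function names and the sample configuration are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines.

```sh
#!/bin/sh
# Added example: report how an sshd_config compares with the settings above.
# sshd uses the first occurrence of a keyword; keywords are case-insensitive.
# Assumes "Keyword value" lines separated by whitespace (no "Keyword=value").

# effective_value FILE KEYWORD -> first global value, or nothing if unset
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                    # skip comment lines
        tolower($1) == "match" { exit }        # Match blocks are conditional
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# audit_sshd_config FILE -> one line per directive; returns number to review
audit_sshd_config() {
    file=$1; bad=0
    for key in ClientAliveInterval Port PermitRootLogin ListenAddress Banner; do
        val=$(effective_value "$file" "$key")
        case "$key:$val" in
            ClientAliveInterval:|ClientAliveInterval:0) msg="no server keepalive" ;;
            Port:|Port:22)          msg="default port" ;;
            PermitRootLogin:no)     msg="" ;;
            PermitRootLogin:*)      msg="direct root login not disabled" ;;
            ListenAddress:)         msg="listens on all addresses" ;;
            Banner:|Banner:none)    msg="no pre-login banner" ;;
            *)                      msg="" ;;
        esac
        if [ -n "$msg" ]; then
            echo "REVIEW $key=${val:-unset} ($msg)"; bad=$((bad + 1))
        else
            echo "OK     $key=$val"
        fi
    done
    return "$bad"
}

# Constructed sample (not from a real host): the settings above, minus Banner.
sample=$(mktemp)
printf '%s\n' '#Port 22' 'Port 2202' 'PermitRootLogin no' \
    'ClientAliveInterval 60' 'ListenAddress 192.168.1.200' > "$sample"
audit_sshd_config "$sample" || echo "$? setting(s) to review"
rm -f "$sample"
```

Before restarting the daemon, running sshd -t checks the edited file for syntax errors, which avoids being locked out by a configuration that fails to load.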

How to Fix “scp: command not found” on CentOS 6.2/RHEL 6

I get the following error when I try to use the SCP command line on a CentOS Linux server. The SCP command is usually used to safely copy files and directories between remote hosts without FTP sessions or logging in to a remote system directly. The SCP command line utility uses SSH to transfer data, so it requires a password or passphrase for confirmation before proceeding with the transfer.

-bash: scp: command not found

The above issue is related to openssh. There are two openssh packages that usually exist on Linux, openssh-server and openssh-clients. You can use the telnet command to check whether the openssh server has been installed or not.

[root@centos62 ~]# telnet localhost 22
Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3

The above telnet command shows that openssh-server has been installed. Therefore, the “scp: command not found” problem is due to openssh-clients not being installed.

Verify the installed package :

[root@centos62 ~]# rpm -qa | grep openssh
openssh-server-5.3p1-70.el6.i686
openssh-5.3p1-70.el6.i686

To install openssh-clients, execute the following command :

[root@centos62 ~]# yum install openssh-clients -y

Then try to run scp command :

[root@centos62 ~]# scp
usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
           [-l limit] [-o ssh_option] [-P port] [-S program]
           [[user@]host1:]file1 ... [[user@]host2:]file2

If you get the scp usage message above, that means your openssh-clients package has been installed successfully.

How to SSH Without Password on Linux

In this post, I will share with you the steps to set up and configure Linux servers to allow SSH without a password. After completing the following steps, you can ssh from one system to another without specifying a password. With this, you can automate tasks such as automatically copying data from server1 to server2. These steps have been tested on CentOS 6.2 and may work on other CentOS versions and Red Hat Enterprise Linux versions as well.

Notes:
-Client server is server2. This is where the ssh session is started via the ssh command.
-Main server is server1. This is where the ssh session from server2 will connect to.
-These steps have been tested using the root account on CentOS 6.2.

1. Add and configure /etc/hosts for both servers (ssh client and ssh server) :

[root@server1 ~]# vi /etc/hosts
[root@server2 ~]# vi /etc/hosts

Add these lines to /etc/hosts on both servers (ssh client and ssh server) :

192.168.1.44 server1
192.168.1.48 server2

2. Log in as root to server2 and create a hidden directory called .ssh under your account. These steps have been tested using the root account :

[root@server2 ~]# mkdir -p $HOME/.ssh

Set permission as below :

[root@server2 ~]# chmod 0700 $HOME/.ssh

3. Configure SSH Keys Authentication by typing the following command :

[root@server2 ~]# ssh-keygen

Whatever prompt appears, just press Enter until it ends; press Enter for the passphrase as well :

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
83:20:f0:1d:11:db:7e:e9:be:d6:ed:a2:e7:f1:ac:34 root@server2
The key's randomart image is:
+--[ RSA 2048]----+
|.   +o           |
| o . +           |
|  o + .          |
|   . o . .       |
|      o S        |
|       o .       |
|        ..E.     |
|       ...+=.    |
|       .+=o++    |
+-----------------+

4. Check which files were produced by the ssh-keygen command. Normally they are automatically stored under $HOME/.ssh :

[root@server2 ~]# ls $HOME/.ssh
id_rsa  id_rsa.pub

5. Log in as root to server1 and create a hidden directory called .ssh under your account :

[root@server1 ~]# mkdir -p $HOME/.ssh

Set permission as below :

[root@server1 ~]# chmod 0700 $HOME/.ssh

6. From server2, copy over the id_rsa.pub (public key) to server1 :

[root@server2 ~]# scp $HOME/.ssh/id_rsa.pub root@server1:$HOME/.ssh
The authenticity of host 'server1 (192.168.1.44)' can't be established.
RSA key fingerprint is 71:fc:a2:51:b3:ed:bc:7b:68:ec:9e:51:a8:04:ab:fd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server1' (RSA) to the list of known hosts.
root@server1's password:
id_rsa.pub                                                        100%  394    

7. On server1, enter the .ssh directory and execute these commands :

[root@server1 ~]# cd $HOME/.ssh

Append the id_rsa.pub key to authorized_keys :

[root@server1 .ssh]# cat id_rsa.pub >> $HOME/.ssh/authorized_keys

Set permission as below :

[root@server1 .ssh]# chmod 0600 $HOME/.ssh/authorized_keys

8. You have successfully configured and allowed ssh without a password. From now on you can log in to server1 as root from server2 without any password :

[root@server2 ~]# ssh root@server1
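
Steps 5 to 7 on server1 can be made repeatable so that a second run does not append the same key again and a private key copied by mistake is refused. The script below is an added example, not part of the original post; install_pubkey and perms_ok are illustrative names, the key string is a constructed placeholder, and perms_ok assumes GNU stat as shipped on CentOS.

```sh
#!/bin/sh
# Added example: repeatable version of steps 5-7, run on the server side.
# Function names are illustrative; perms_ok assumes GNU stat (stat -c).

# install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to $HOME/.ssh)
# Runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    pub=$1; dir=${2:-$HOME/.ssh}; auth=$dir/authorized_keys
    [ "$(wc -l < "$pub")" -le 1 ] || { echo "expected one key line" >&2; exit 2; }
    key=$(cat "$pub")
    # Reject anything that is not "<type> <base64> [comment]", e.g. id_rsa itself.
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pub" >&2; exit 2 ;;
    esac
    umask 077
    mkdir -p "$dir" && chmod 0700 "$dir"
    touch "$auth" && chmod 0600 "$auth"
    # cat >> appends a duplicate on every run; add the line only if absent.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# perms_ok SSH_DIR -> 0 when modes match the ones set above (0700 / 0600)
perms_ok() {
    [ "$(stat -c %a "$1")" = 700 ] &&
        [ "$(stat -c %a "$1/authorized_keys")" = 600 ]
}

# Constructed demo in a scratch directory; the key is a placeholder string.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY root@server2' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"     # second run adds nothing
echo "keys installed: $(wc -l < "$demo/.ssh/authorized_keys")"
perms_ok "$demo/.ssh" && echo "permissions ok"
rm -rf "$demo"
```

The modes matter because sshd's StrictModes option, which is on by default, checks the modes and ownership of the user's files before accepting a key login.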