How to Prevent SSH Timing out from Server and Client

Prevent SSH Timing out

As a system administrator, you manage Linux servers, and some of you may have your own virtual private server (VPS). In some cases you will need to spend a lot of time on an SSH connection to resolve issues and do routine work on the command line. Some of you may have encountered an annoying issue where your session is disconnected after a period of inactivity.

An SSH connection that is inactive or idle is usually disconnected by the server after a specified period of time. This depends on the configuration of the SSH server (the remote server) or the SSH client. After the connection is cut, the SSH client or PuTTY will show a message saying SSH timed out or connection closed, or a message similar to the one below :

Read from remote host www.ehowstuff.com: Connection reset by peer
Connection to www.ehowstuff.com closed

In order to prevent SSH timing out from the server, you need to configure /etc/ssh/sshd_config or /etc/ssh/ssh_config. Keeping a value of 0 (the default) for both ServerAliveInterval and ClientAliveInterval disables these features, so your connection could drop if it is idle for too long. This article will

For reference, I will explain how you can stop and prevent SSH timing out from the server and the client. These steps have been tested on CentOS 6 / CentOS 7 / RHEL 6 / RHEL 7 / Oracle Linux 6 / Oracle Linux 7.

What is /etc/ssh/sshd_config ?

sshd_config is a system configuration file for OpenSSH which allows you to set options that modify the operation of the daemon (SSH server/service).

What is /etc/ssh/ssh_config ?

ssh_config is a system configuration file for OpenSSH which allows you to set options that modify the operation of the Linux client programs. If you are running a Windows client program, you should configure it in the PuTTY client.

Option 1 : How to Prevent SSH Timing out from OpenSSH Server :

a) As a root user, open sshd_config file :

# vi /etc/ssh/sshd_config

b) Find the ClientAliveInterval option and set it to 60 (in seconds), or add the line if it is not there.

ClientAliveInterval 60

Note : ClientAliveInterval: number of seconds that the server will wait before sending a null packet to the client (to keep the connection alive).

c) Restart sshd daemon :
In CentOS 7 / RHEL 7

# sudo systemctl restart sshd.service

In CentOS 5/6 / RHEL 5/6

# service sshd restart

In the above example, we set a timeout interval of 60 seconds: after that much idle time (that is, if no data has been received from the client), the ssh server will send a message through the encrypted channel to request a response from the client. If there is no response, the ssh server will let the ssh client exit (time out) automatically.
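
Steps a) to c) as a repeatable edit, shown as an added example that is not part of the original article: the hypothetical helper set_sshd_option replaces a stock commented default or an existing line and keeps the setting above any Match block, where sshd would otherwise treat it as conditional. The sample file contents are constructed.

```bash
# set_sshd_option FILE KEYWORD VALUE
# Sets one global keyword, replacing a stock commented default ("#Key value")
# or an existing line, and keeps the setting above any Match block.
set_sshd_option() {
    local file="$1" key="$2" value="$3" tmp
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        # Strip a leading "#" (stock style, no space after it) before
        # reading the keyword; prose comments such as "# Port ..." do not match.
        { probe = $0; sub(/^[ \t]*#?/, "", probe); split(probe, f, /[ \t=]+/) }
        # Lines after the first live Match line are conditional, so a new
        # global setting has to be written before it.
        !in_match && $0 !~ /^[ \t]*#/ && tolower(f[1]) == "match" {
            if (!done) { print key " " value; done = 1 }
            in_match = 1
        }
        !in_match && tolower(f[1]) == tolower(key) {
            if (!done) { print key " " value; done = 1 }
            next    # drop the old line and any later global duplicate
        }
        { print }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner, mode and SELinux label
    rm -f "$tmp"
}

# Constructed sample in the style of a stock sshd_config (not from the page).
sample_sshd_config() {
    printf '%s\n' '#Port 22' '#ClientAliveInterval 0' '#ClientAliveCountMax 3' \
        'Subsystem sftp /usr/libexec/openssh/sftp-server' \
        'Match User backup' '    ClientAliveInterval 300'
}

cfg=$(mktemp)
sample_sshd_config > "$cfg"
set_sshd_option "$cfg" ClientAliveInterval 60
cat "$cfg"    # line 2 is now "ClientAliveInterval 60"; the Match block is untouched
rm -f "$cfg"
```

Check the edited file with sshd -t before restarting the daemon, and keep the current session open until a new login succeeds.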

Option 2 : How to Prevent SSH Timing out from Linux OpenSSH Client :

a) As a root user, open ssh_config file :

# vi /etc/ssh/ssh_config

b) Find the ServerAliveInterval option and set it to 60 (in seconds), or add the line if it is not there.

ServerAliveInterval 60

Note : ServerAliveInterval: number of seconds that the client will wait before sending a null packet to the server (to keep the connection alive).

In the above example, we set a timeout interval of 60 seconds: after that much idle time, the ssh client will send a message through the encrypted channel to request a response from the server, so that the server won't disconnect the client.

Option 3 : How to Prevent SSH Timing out from Windows PuTTY Client :

a) Open PuTTY
b) Click on the Connection tab
c) Check the box for Enable TCP keepalives (SO_KEEPALIVE option)
d) Enter the number of seconds between keepalives.


Conclusion

All of the above settings will let the server or client send a packet to its partner every 60 seconds. After the configuration is done, the SSH connection will remain active even if the user is idle and does not perform any activity at the command line.


How to Setup SSH Login Without Password CentOS / RHEL

SSH Login Without Password

As a system administrator, you plan on using OpenSSH for Linux to automate your daily tasks, such as transferring files or a database dump file to another server for backup. To achieve this goal, you need to log in automatically from host A to host B. Logging in automatically means you do not want to enter any password, because you want to use ssh from a shell script.

In this article we'll show you how to set up SSH login without a password on CentOS / RHEL. After automatic login has been configured, you can use it to move files using SSH (Secure Shell) and secure copy (SCP).

SSH is open source and the most trusted network protocol used to log in to a remote server. System administrators use it to execute commands and to transfer files from one computer to another over a network using the SCP protocol.

After you set up SSH login without a password, you get the following advantages :

a) You can automate your daily tasks via scripts.
b) If you log in to your Linux server using an SSH key instead of a normal password login, it will enhance the security of your Linux server. This is one of the recommended methods to prevent a brute force attack on a virtual private server (VPS); SSH keys are nearly impossible to decipher by brute force alone.

What is ssh-keygen

ssh-keygen is a Unix utility that is used to generate, create and manage the public and private keys for ssh authentication. With the ssh-keygen tool, a user can create passphrase-protected keys for both SSH protocol version 1 and version 2. ssh-keygen creates RSA keys for SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2.

What is ssh-copy-id

ssh-copy-id is a script that copies the local host's public key to the remote host's authorized_keys file. ssh-copy-id also appends the indicated identity file to that machine's ~/.ssh/authorized_keys file and assigns proper permissions to the remote host's home.

SSH keys

SSH keys provide a better and more secure way of logging into a Linux server with SSH. When you run ssh-keygen, you generate a public key and a private key. You can place the public key on any server, and then unlock it by connecting to it with a client that already has the private key. When the two match up, the system unlocks without the need for a password.

Setup SSH Login Without Password on CentOS and RHEL.

These steps were tested on CentOS 5/6/7, RHEL 5/6/7 and Oracle Linux 6/7.

Node1 : 192.168.0.9
Node2 : 192.168.0.10

Step One :
Test the connection and access from node1 to node2 :

[root@node1 ~]# ssh root@192.168.0.10
The authenticity of host '192.168.0.10 (192.168.0.10)' can't be established.
RSA key fingerprint is 6d:8f:63:9b:3b:63:e1:72:b3:06:a4:e4:f4:37:21:42.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.10' (RSA) to the list of known hosts.
root@192.168.0.10's password:
Last login: Thu Dec 10 22:04:55 2015 from 192.168.0.1
[root@node2 ~]#

Step Two :
Generate public and private keys using ssh-keygen. Please note that you can increase security by protecting the private key with a passphrase.

[root@node1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b4:51:7e:1e:52:61:cd:fb:b2:98:4b:ad:a1:8b:31:6d root@node1.ehowstuff.local
The key's randomart image is:
+--[ RSA 2048]----+
|          . ++   |
|         o o  o  |
|        o o o  . |
|       . o + ..  |
|        S   .  . |
|         .   .. .|
|        o E oo.o |
|         = ooo.  |
|        . o.o.   |
+-----------------+

Step Three :
Copy or transfer the public key to the remote host using the ssh-copy-id command. It will append the indicated identity file to ~/.ssh/authorized_keys on node2 :

[root@node1 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.0.10
root@192.168.0.10's password:
Now try logging into the machine, with "ssh '192.168.0.10'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Step Four :
Try SSH login without Password to node2 :

[root@node1 ~]# ssh root@192.168.0.10
Last login: Sun Dec 13 14:03:20 2015 from www.ehowstuff.local
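
ssh-copy-id's closing message in Step Three asks you to check authorized_keys for keys you were not expecting. This added example (not part of the original article) does that check by comparing key blobs against the public keys you intended to install; the function name and the placeholder key blobs are constructed for illustration.

```bash
# Common public key types; options such as from="..." may precede this field.
KEYTYPE_RE='^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$'

# audit_authorized_keys AUTHORIZED_KEYS EXPECTED.pub [EXPECTED.pub ...]
# Prints one line per key and returns 1 if any entry is unexpected or malformed.
audit_authorized_keys() {
    [ $# -ge 2 ] || return 2
    local authfile="$1" allowed
    shift
    # Collect the base64 blob of every public key that is allowed to appear.
    allowed=$(awk -v re="$KEYTYPE_RE" '
        { for (i = 1; i < NF; i++) if ($i ~ re) { print $(i + 1); break } }
    ' "$@" | tr '\n' ' ')
    awk -v re="$KEYTYPE_RE" -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            for (i = 1; i < NF; i++) if ($i ~ re) break
            if (i >= NF) { print "MALFORMED line " NR; bad++; next }
            status = ($(i + 1) in ok) ? "expected" : "UNEXPECTED"
            if (status == "UNEXPECTED") bad++
            # A key with no leading options can do anything the account can.
            opts = (i > 1) ? "restricted" : "unrestricted"
            print status, $i, opts, $(i + 2)
        }
        END { exit (bad > 0) }
    ' "$authfile"
}

# Constructed sample data: the blobs are placeholders, not real keys.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAnode1PLACEHOLDER root@node1.ehowstuff.local' > "$demo/id_rsa.pub"
{
    cat "$demo/id_rsa.pub"
    echo 'ssh-rsa AAAAotherPLACEHOLDER someone@elsewhere'
} > "$demo/authorized_keys"
audit_authorized_keys "$demo/authorized_keys" "$demo/id_rsa.pub" ||
    echo "review the UNEXPECTED entries above"
rm -rf "$demo"
```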

I hope this article gives you some ideas and a quick guide on how to set up SSH login without a password on Linux CentOS / RHEL.


How to Secure OpenSSH (SSHD) on Linux

OpenSSH is an open source alternative to the proprietary Secure Shell software. It is also the set of SSH connectivity tools that allows you to log in remotely and transfer files via scp or sftp. OpenSSH options are controlled through the /etc/ssh/sshd_config file. In order to improve OpenSSH server security, certain default sshd settings need to be changed. This post will show you three examples to secure OpenSSH (SSHD) on Linux. These steps have been tested on CentOS 6.3 and may work on CentOS 6.2, CentOS 5.x, Red Hat Enterprise Linux 5 (RHEL 5) and Red Hat Enterprise Linux 6 (RHEL 6).

1. Change SSH Default Port :

By default ssh runs on port 22. A hacker would need to know the SSH port number in order to access your system. One method to improve security is to change the default port to a non-standard port. That helps to stop brute force attacks.

#Port 22

Uncomment and change to :

Port 2202

2. Disable Root Login (PermitRootLogin) :

Add the following entry to sshd_config to prevent root from logging in to the server directly.

#PermitRootLogin yes

Uncomment and change to :

PermitRootLogin no

3. Listen Specific IP only :

By default ssh will listen on all of the server's IP addresses. If you want users to log in only using IP addresses 192.168.1.200 and 192.168.1.202, do the following in your sshd_config :

ListenAddress 192.168.1.200
ListenAddress 192.168.1.202
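
To confirm that the three changes above are in effect, this added example (not part of the original article) reads the global section of an sshd_config-style file, ignoring commented lines and anything inside a Match block. The function names and both sample files are constructed, and an unset PermitRootLogin is treated as the yes default shown above.

```bash
# Print every value given to KEYWORD in the global section of FILE.
# Commented lines are skipped and reading stops at the first Match block.
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*#/                  { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2 }
    ' "$1"
}

# Report on Port, PermitRootLogin and ListenAddress; returns the finding count.
audit_sshd_config() {
    local file="$1" findings=0 ports root listen
    ports=$(sshd_values "$file" Port | tr '\n' ' ')
    root=$(sshd_values "$file" PermitRootLogin | head -n 1)   # first value wins
    listen=$(sshd_values "$file" ListenAddress | tr '\n' ' ')
    case " ${ports:-22 }" in
        *" 22 "*) echo "FINDING Port: sshd listens on the default port 22"
                  findings=$((findings + 1)) ;;
        *)        echo "ok      Port: ${ports% }" ;;
    esac
    if [ "$root" = no ]; then
        echo "ok      PermitRootLogin: no"
    else
        # Assumption: unset means the commented default shown above (yes).
        echo "FINDING PermitRootLogin: ${root:-yes}"
        findings=$((findings + 1))
    fi
    if [ -n "$listen" ]; then
        echo "ok      ListenAddress: ${listen% }"
    else
        echo "FINDING ListenAddress: unset, sshd listens on every address"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed samples: a stock-style file and one with the three changes applied.
stock_cfg()    { printf '%s\n' '#Port 22' '#PermitRootLogin yes' '#ListenAddress 0.0.0.0'; }
hardened_cfg() { printf '%s\n' 'Port 2202' 'PermitRootLogin no' \
                     'ListenAddress 192.168.1.200' 'ListenAddress 192.168.1.202'; }
f=$(mktemp)
stock_cfg > "$f";    audit_sshd_config "$f" || echo "-> $? finding(s)"
hardened_cfg > "$f"; audit_sshd_config "$f" && echo "-> clean"
rm -f "$f"
```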