04-14-2009 05:37 AM - edited 03-11-2019 08:17 AM
I have a Unix user that SSH's from the inside network to a Server in the DMZ network. If he leaves it idle the SSH session is killed by the firewall. Is there a way to tell the ASA not to kill SSH sessions through the firewall that are idle?
04-14-2009 07:03 AM
There are two solutions to this:
1- increase the tcp idle connection on the ASA. The command is "timeout xxxx" or something like that. Check the documentation.
2- enable ssh keep-alive in SSH server itself. In the /etc/ssh/sshd_config configuration of the SSH server, uncomment this line:
#KeepAlive yes
then restart the ssh server. With option #2, you do not have to involve the Firewall guy.
Easy right?
04-15-2009 04:47 AM
Okay, option 1 worked for us. Increased the "timeout conn 01:00:00" to 2 hours and it worked. That is what I was looking for so I appreciate the response.
Thanks!
04-14-2009 10:08 PM
Every SSH client has an option to enable keep-alive; this will send a nop command every so many seconds and keep the connection alive.
On a Linux SSH client machine, put it here:
/etc/ssh/ssh_config
ServerAliveInterval
In PuTTY (Windows), go to
Connection -> Sending of null packets to keep session alive -> put value in seconds
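Added example, not part of any post in this thread: a shell check that the client's ServerAliveInterval is shorter than the ASA's "timeout conn" value, so keep-alive traffic reaches the firewall before its idle timer expires. The function names and sample text are constructed for illustration; it assumes a "timeout conn" of 0:00:00 means the ASA never idles a connection out and that a missing ServerAliveInterval means keep-alives are off (the OpenSSH default).

```shell
#!/bin/sh
# Added example: will SSH keep-alives arrive before the firewall idle timer expires?

# Seconds from an ASA "timeout conn hh:mm:ss ..." line; fails if the line does not match.
asa_conn_timeout_seconds() {
    printf '%s\n' "$1" | awk '
        $1 == "timeout" && $2 == "conn" {
            if (split($3, t, ":") == 3) { print t[1] * 3600 + t[2] * 60 + t[3]; found = 1 }
            exit
        }
        END { if (!found) exit 1 }'
}

# ServerAliveInterval in seconds from ssh client config text (for example the
# output of "ssh -G host"); prints 0 when the option is absent.
ssh_keepalive_seconds() {
    printf '%s\n' "$1" | awk '
        { sub(/^[ \t]+/, ""); n = split($0, f, /[ \t=]+/) }
        tolower(f[1]) == "serveraliveinterval" && n >= 2 { print f[2] + 0; found = 1; exit }
        END { if (!found) print 0 }'
}

# Returns 0 when the keep-alive interval is enabled and shorter than the idle
# timeout, 1 when it is not, 2 when the ASA line cannot be parsed.
keepalive_beats_timeout() {
    fw=$(asa_conn_timeout_seconds "$1") || return 2
    ka=$(ssh_keepalive_seconds "$2")
    [ "$fw" -eq 0 ] && return 0    # assumed: 0:00:00 disables the idle timeout
    [ "$ka" -gt 0 ] && [ "$ka" -lt "$fw" ]
}

# Constructed sample input (host name and interval are illustrative).
SAMPLE_ASA_LINE='timeout conn 01:00:00'
SAMPLE_SSH_CONFIG='Host dmz-server
    ServerAliveInterval 300'

if keepalive_beats_timeout "$SAMPLE_ASA_LINE" "$SAMPLE_SSH_CONFIG"; then
    echo "OK: keep-alive interval is shorter than the firewall idle timeout"
else
    echo "WARN: idle SSH sessions can still be dropped by the firewall"
fi
```

The config parser takes the first ServerAliveInterval it finds and ignores Host blocks, so feed it the output of "ssh -G host" to test the effective value for one host.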