Wednesday, March 23, 2022

How to Kill Inactive or Forgotten SSH Sessions in Linux


From time to time I'll have a slew of terminal windows already open and I'll randomly open another one to the same host. I usually forget that I'm already logged in to another shell via PuTTY. Normally when I'm done with one instance, I'll exit the session and close PuTTY. Then a few minutes goes by and I'll come across another PuTTY window on the screen still logged in. D'oh.


Well, that's where killing inactive SSH sessions comes in. Read on for a quick and easy way to identify other sessions.


First off, by typing 'w' at the command prompt you can see who else is logged into said computer. You can learn more about this command here and here. (Basic list of Unix commands on Wiki)

Run the following command:

pstree -p

In the following output look for the line that starts with "sshd(XXX)". This seems rather obvious in the following example but in the real terminal there will be other program instances running and you'll see them above and below the following two lines. "sshd(468) is the process you're looking for in the sea of processes. Yours will have a different number after it.

*If you see a line that has "sftp-server" instead of "bash" just know that this is more than likely a connection via "WinSCP" or the likes.

 │           └─sshd(1943)───sshd(1958)───bash(1959)───pstree(2251)

In the above example look for "pstree" at the end of the line. PID 1943 refers to your current session. The remaining sshd session with a PID of 1696 (first line) indicates another session. You can have multiple sessions to the same computer via SSH, however if your terminal window is closed accidentally or you have a session that is inactive, you would want to kill this session.

Run the following command to kill existing sessions by PID number (replace 1696 with your PID number):

sudo kill 1696

Recheck with the "w" command. You should only see one session, which is your current one.


You can also modify the config files for SSH here using "nano" to either disconnect inactive clients after a timeout period or disable a timeout which isn't suggested in a production environment:

"sudo nano /etc/ssh/sshd_config"

Look for the following lines:

ClientAliveInterval 600
ClientAliveCountMax 3

"ClientAliveInterval" is the number of seconds that the server will wait before sending a null packet to the client (to keep the connection alive). If you set this to zero the server will never send the null packet.

"ClientAliveCountMax" is the number of times the server will send the null packet and wait for a response defined by "ClientAliveInterval" before terminating the session.

Example: If you set "ClientAliveInterval" to 400 seconds and set "ClientAliveCountMax" to a count of 5, then the server will send a null packet (through the encrypted channel) every 400 seconds for a count of 5 times waiting to hear back from the client. If the server receives no response from the client after that, then the server will terminate the session after about 33 minutes in this example.

400 * 5 = 2000
2000/60 (minutes)
33.33 minutes

** Remember, a setting of zero means it's disabled. Therefore you should set these values high enough to avoid the "broken pipe error" which means that the data stopped flowing to and the client/server is unable to start the flow back up.

More information can be found here about the above commands:


No comments: