ServerAliveCountMax in SSH


24

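What does ServerAliveCountMax actually do in SSH?

I am trying to make sure that when I connect to my server over SSH, the connection stays open for a long time instead of dying after a short period of inactivity. Here is the example: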

Host *
    ServerAliveInterval 60
    ServerAliveCountMax 2

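I heard from one source that the above settings will always send a response to the server every 60 seconds, as long as the server receives that response. However, if for some reason the response does not get through to the server, it will try to send another message. If that message also fails, it will close the connection. (I feel that this is wrong.)

The second and third sources, however, say something different. They claim that if there is a period of inactivity, a message will be sent to the server every 60 seconds, but that it will only send 2 requests and will then close the connection.

So what exactly does ServerAliveCountMax do?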

Answers:


31

Your feeling that "this is wrong" is correct. See the man page:

 ServerAliveCountMax
         Sets the number of server alive messages (see below) which may be
         sent without ssh(1) receiving any messages back from the server.
         If this threshold is reached while server alive messages are
         being sent, ssh will disconnect from the server, terminating the
         session.  It is important to note that the use of server alive
         messages is very different from TCPKeepAlive (below).  The server
         alive messages are sent through the encrypted channel and therefore
         will not be spoofable.  The TCP keepalive option enabled by
         TCPKeepAlive is spoofable.  The server alive mechanism is valuable
         when the client or server depend on knowing when a connection
         has become inactive.

         The default value is 3.  If, for example, ServerAliveInterval
         (see below) is set to 15 and ServerAliveCountMax is left at the
         default, if the server becomes unresponsive, ssh will disconnect
         after approximately 45 seconds.  This option applies to protocol
         version 2 only.

 ServerAliveInterval
         Sets a timeout interval in seconds after which if no data has
         been received from the server, ssh(1) will send a message through
         the encrypted channel to request a response from the server.  The
         default is 0, indicating that these messages will not be sent to
         the server.  This option applies to protocol version 2 only.

3
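The man page is clear that setting Interval to 0 disables it. But it is not clear about setting Max to 0. Will it send infinite alive pings, or none?
gcb, 2015

It is not clear to me whether setting ServerAliveInterval to 0 will keep the connection open indefinitely.
Francesco, 2017

1
@Francesco By default, the connection will stay open forever unless one end explicitly closes it.
Michael Hampton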
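The counting behaviour the quoted man page describes, as an added example that is not part of the original answers and not OpenSSH's own code: a small Python model in which any reply from the server resets the count of unanswered messages. The names `simulate`, `responsive` and `server_data` are hypothetical, time is in whole seconds, and a real client's exact timing may differ.

```python
def simulate(interval, count_max, responsive, horizon, server_data=()):
    """Model of the man page text (not OpenSSH's source), in whole seconds.

    responsive(t) -> bool: does the server answer a message sent at t?
    server_data: times at which ordinary data arrives from the server.
    Returns (events, disconnect_time); disconnect_time is None if the
    session is still open at `horizon`.
    """
    if interval == 0:          # man page: 0 means no messages are sent
        return [], None
    data = set(server_data)
    events, unanswered = [], 0
    last_rx = last_probe = 0   # last data received / last message sent
    for t in range(1, horizon + 1):
        if t in data:          # any data from the server resets the count
            last_rx, unanswered = t, 0
        if t - max(last_rx, last_probe) < interval:
            continue
        last_probe = t
        if responsive(t):
            last_rx, unanswered = t, 0
            events.append((t, "answered"))
        else:
            unanswered += 1
            events.append((t, "unanswered"))
            if unanswered >= count_max:   # threshold reached: disconnect
                return events, t
    return events, None


if __name__ == "__main__":
    # The question's settings against a healthy server for one idle hour.
    ev, gone = simulate(60, 2, lambda t: True, 3600)
    print(len(ev), "messages sent, disconnected at:", gone)
    # Same settings, server stops answering from t=300 (constructed case).
    ev, gone = simulate(60, 2, lambda t: t < 300, 3600)
    print(ev[-2:], "disconnected at:", gone)
    # Man page example: interval 15, default count 3, dead server.
    print(simulate(15, 3, lambda t: False, 3600)[1])
```
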

5

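Server alive messages are useful if the SSH server is configured to close connections after a period with no traffic (shared web hosting providers that offer SSH access almost always do this, for example). Setting these two options sends a packet every ServerAliveInterval seconds, at most ServerAliveCountMax times, thereby keeping the session alive.

To answer the comments about the uncertainty of setting either option to 0, I have read through the source code of the openssh implementation, and this is what I see...

  • Setting ServerAliveInterval to 0 will not send the packets, but it will keep the session alive indefinitely, assuming the session is not dropped due to a TCP timeout and the server is not configured to drop inactive clients.

  • Setting ServerAliveCountMax to 0 has the same effect as setting ServerAliveInterval to 0.

  • Setting a value to a negative number or to more than INT_MAX (i.e. 2,147,483,647) will result in an "integer value..." error.

  • Setting ServerAliveCountMax between INT_MAX/1000+1 (i.e. 2147484) and INT_MAX (i.e. 2,147,483,647) will also be equivalent to setting either value to 0.

So, in essence, the maximum timeout you can get (while still sending the packets) is INT_MAX/1000 (i.e. 2,147,483). With a timeout of 1 and no traffic at all on the session, that would give you almost 25 days.

Obviously, other implementations of SSH may have different results.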

Licensed under cc by-sa 3.0 with attribution required.