John Crawford asked:
What does the ServerAliveCountMax in SSH actually do?
I am trying to ensure that when I connect to my server via SSH that the connection remains open for a long period of time instead of the connection dying after a short period of inactivity. This is the example:

    Host *
        ServerAliveInterval 60
        ServerAliveCountMax 2
I’ve heard from one source that the above setting will always send a response to the server every 60 seconds so long as the server receives that response. However if for whatever reason the response doesn’t go through to the server, it will try and send another message. If that message fails too, then it will close the connection. (I feel this is wrong)
The second and third source however say something different. They claim that a message will be sent to the server every 60 seconds if there is a period of inactivity, but it will only send through 2 requests and then it will close the connection.
So what exactly does ServerAliveCountMax do?
Your feeling that “this is wrong” is correct. See the man page:
ServerAliveCountMax
    Sets the number of server alive messages (see below) which may be sent without ssh(1) receiving any messages back from the server. If this threshold is reached while server alive messages are being sent, ssh will disconnect from the server, terminating the session.

    It is important to note that the use of server alive messages is very different from TCPKeepAlive (below). The server alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The server alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.

    The default value is 3. If, for example, ServerAliveInterval (see below) is set to 15 and ServerAliveCountMax is left at the default, if the server becomes unresponsive, ssh will disconnect after approximately 45 seconds. This option applies to protocol version 2 only.

ServerAliveInterval
    Sets a timeout interval in seconds after which if no data has been received from the server, ssh(1) will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server. This option applies to protocol version 2 only.
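The counter behaviour the man page describes, as an added example that is not part of the original answer and is not OpenSSH's code. It is a simplified model: a live server is assumed to reply instantly, and the function name and parameters are hypothetical.

```python
def simulate(interval, count_max, server_dies_at, horizon):
    """Model ServerAliveInterval / ServerAliveCountMax as the man page words it.

    interval       -- ServerAliveInterval in seconds (0 disables the probes)
    count_max      -- ServerAliveCountMax
    server_dies_at -- second at which the server stops answering, or None
    horizon        -- how many seconds of an otherwise idle session to model

    Returns (disconnect_time or None, number_of_probes_sent).
    """
    if interval <= 0:
        return None, 0  # default of 0: no server alive messages are sent

    t = 0           # time of the last timer event
    unanswered = 0  # alive messages sent without anything coming back
    probes = 0

    while t + interval <= horizon:
        t += interval  # a full interval passed with no data from the server
        probes += 1    # so the client sends one server alive message
        if server_dies_at is None or t < server_dies_at:
            unanswered = 0  # a reply came back, so the count starts over
        else:
            unanswered += 1
            if unanswered >= count_max:
                return t, probes  # threshold reached: client disconnects
    return None, probes


if __name__ == "__main__":
    # Config from the question, healthy server, one idle hour:
    # a probe goes out every 60 s and the session is never closed.
    print(simulate(60, 2, None, 3600))
    # Same config, server stops answering just after the probe at t=600.
    print(simulate(60, 2, 601, 3600))
    # Man page example: interval 15, default count of 3, dead server.
    print(simulate(15, 3, 0, 600))
```

In this model the count only reaches ServerAliveCountMax when consecutive messages go unanswered, so the setting is a failure threshold and not a cap on how many keepalives are sent. Timing in a real client is approximate, as the man page says.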
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.