voncloft Tux's lil' helper
Joined: 29 Jan 2014 Posts: 99
Posted: Wed Feb 28, 2018 9:21 pm Post subject: Idle ssh connections won't disconnect.
This is my code for sshd_config
Code: |
# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Port 222
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
#AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
PrintLastLog no
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
ClientAliveInterval 60
ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# here are the new patched ldap related tokens
# entries in your LDAP must have posixAccount & ldapPublicKey objectclass
#UseLPK yes
#LpkLdapConf /etc/ldap.conf
#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/
#LpkUserDN ou=users,dc=phear,dc=org
#LpkGroupDN ou=groups,dc=phear,dc=org
#LpkBindDN cn=Manager,dc=phear,dc=org
#LpkBindPw secret
#LpkServerGroup mail
#LpkFilter (hostAccess=master.phear.org)
#LpkForceTLS no
#LpkSearchTimelimit 3
#LpkBindTimelimit 3
#LpkPubKeyAttr sshPublicKey
# override default of no subsystems
Subsystem sftp /usr/lib64/misc/sftp-server
# the following are HPN related configuration options
# tcp receive buffer polling. disable in non autotuning kernels
#TcpRcvBufPoll yes
# disable hpn performance boosts
#HPNDisabled no
# buffer size for hpn to non-hpn connections
#HPNBufferSize 2048
# allow the use of the none cipher
#NoneEnabled no
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
# Allow client to pass locale environment variables #367017
AcceptEnv LANG LC_*
|
I can have at least up to 10 ssh connections - What am I doing wrong?
edit:
Using this alias in bash:
Code: |
alias watchallports='watch -n 0.5 "sudo netstat -tanp | grep -v unix | grep ESTABLISHED"'
|
I receive the following many hours after I close my session from ssh via clients.
Code: |
tcp 0 0 192.168.1.1:222 192.168.1.100:58332 ESTABLISHED 20840/sshd: root@pt
tcp 0 0 192.168.1.1:445 192.168.1.100:54282 ESTABLISHED 11151/smbd
tcp 0 0 192.168.1.1:445 192.168.1.13:57928 ESTABLISHED 2945/smbd
tcp 0 0 192.168.1.1:222 192.168.1.100:59382 ESTABLISHED 3425/sshd: root@pts
tcp 0 0 68.39.237.234:222 50.251.4.52:7029 ESTABLISHED 2954/sshd: nick [pr
|
...I closed out the other 2 sessions hours ago....they show as active still.
Last edited by voncloft on Thu Mar 01, 2018 10:53 am; edited 1 time in total
Hu Administrator
Joined: 06 Mar 2007 Posts: 23085
Posted: Thu Mar 01, 2018 2:09 am Post subject: Re: Idle ssh connections won't disconnect.
voncloft wrote: | I can have at least up to 10 ssh connections - What am I doing wrong? |
Failing to explain the problem. First, how do you know that idle ssh connections do not disconnect? What do you consider to be idle? How is the number of ssh connections related to this problem? Do you expect it to remove old connections only once a certain number of connections exist?
voncloft Tux's lil' helper
Joined: 29 Jan 2014 Posts: 99
Posted: Thu Mar 01, 2018 10:53 am
Using this alias in bash:
Code: |
alias watchallports='watch -n 0.5 "sudo netstat -tanp | grep -v unix | grep ESTABLISHED"'
|
I receive the following many hours after I close my session from ssh via clients.
Code: |
tcp 0 0 192.168.1.1:222 192.168.1.100:58332 ESTABLISHED 20840/sshd: root@pt
tcp 0 0 192.168.1.1:445 192.168.1.100:54282 ESTABLISHED 11151/smbd
tcp 0 0 192.168.1.1:445 192.168.1.13:57928 ESTABLISHED 2945/smbd
tcp 0 0 192.168.1.1:222 192.168.1.100:59382 ESTABLISHED 3425/sshd: root@pts
tcp 0 0 68.39.237.234:222 50.251.4.52:7029 ESTABLISHED 2954/sshd: nick [pr
|
...I closed out the other 2 sessions hours ago....they show as active still.
mike155 Advocate
Joined: 17 Sep 2010 Posts: 4438 Location: Frankfurt, Germany
Posted: Thu Mar 01, 2018 11:20 am
1) Please open a connection to your server and log in as root. Execute the statements below:
Code: |
netstat -tanp | grep ssh | grep ESTAB
ps -fe | grep ssh
|
2) Now open an additional SSH connection to your server and re-execute the statements above. The output of each statement will show one or two additional lines, right?
3) Now enter 'exit' to close the second connection (the one you opened in step 2) and re-execute the statements above. The output should be the same as in step 1: the additional lines which were shown in step 2 should be gone. What do you see?
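The step-1 versus step-3 comparison in the post above can be done mechanically by saving the `netstat -tanp` output at each step and diffing the sshd sockets; the script below is an added example, not part of the original posts. The `leftover` and `demo` functions and the snapshot file names are hypothetical, and the sample snapshots are constructed from the netstat lines posted earlier in the thread.

```shell
#!/bin/sh
# Added example: list sshd connections that are still ESTABLISHED in the
# step-3 snapshot although they were not present in the step-1 baseline.
# Real use (as root):  netstat -tanp > step1   ...   netstat -tanp > step3

# leftover BEFORE AFTER
# Prints "PID LOCAL REMOTE" for each ESTABLISHED sshd socket that appears
# in AFTER but not in BEFORE. Header lines and non-sshd sockets are skipped.
leftover() {
    awk '$6 != "ESTABLISHED" || $7 !~ /^[0-9]+\/sshd/ { next }
         { split($7, p, "/"); key = p[1] " " $4 " " $5 }
         FILENAME == ARGV[1] { base[key] = 1; next }
         !(key in base)      { print key }' "$1" "$2"
}

# Constructed sample: step 1 has one root session; at step 3 the second
# session (port 59382) was closed on the client but its socket remains.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/step1" <<'EOF'
tcp 0 0 192.168.1.1:222 192.168.1.100:58332 ESTABLISHED 20840/sshd: root@pt
tcp 0 0 192.168.1.1:445 192.168.1.100:54282 ESTABLISHED 11151/smbd
EOF
    cat > "$dir/step3" <<'EOF'
tcp 0 0 192.168.1.1:222 192.168.1.100:58332 ESTABLISHED 20840/sshd: root@pt
tcp 0 0 192.168.1.1:445 192.168.1.100:54282 ESTABLISHED 11151/smbd
tcp 0 0 192.168.1.1:222 192.168.1.100:59382 ESTABLISHED 3425/sshd: root@pts
EOF
    leftover "$dir/step1" "$dir/step3"
    rm -rf "$dir"
}

demo
```

An empty result means step 3 matches step 1; any printed PID can then be looked up in the `ps -fe | grep ssh` output from the same step.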