这个问题已经查了很多资料,最终都是聚焦在这两个参数上,先翻译下
man sshd_config
今天翻出来看时,总觉得翻译的不是很到位,在向英语专业同学咨询后改正如下。
ClientAliveCountMax
Sets the number of client alive messages which may be sent without sshd(8) receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from TCPKeepAlive. The client alive messages are sent through the encrypted channel and therefore will not be spoofable.
The TCP keepalive option enabled by TCPKeepAlive is spoofable.
The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.
The default value is 3. If ClientAliveInterval is set to 15, and ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds.
ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client.
客户端最大活跃数
当没有接收到从客户端发送的任何消息时,设置服务器可发送的客户端活跃消息个数。如果消息已被发送出去且达到这个阈值时,sshd会断开与客户端的连接并终止此次会话。注意客户端活跃消息与 TCPKeepAlive 很不一样,前者通过加密通道传输因此不具有欺骗性。
通过 TCPKeepAlive 的 TCP 活跃选项具有欺骗性。
客户端活跃机制是有价值的,当客户端或服务器想知道连接什么时候闲置时。
默认值是 3。如果 ClientAliveInterval 设置为 15,并且 ClientAliveCountMax 小于 3,大约 45 秒后无响应的 SSH 客户端会被断开连接。
客户端活跃间隔
设置超时间隔(秒)如果从客户端没有收到数据之后,sshd 会通过加密通道发送消息来要求客户端给出响应。默认值是0,表明这些信息将不会发送到客户端。
设置 ClientAliveInterval 来使 ssh 保持长时间连接
ClientAliveInterval 默认值是 0,不会有消息发送给客户端。所以只要修改这个值就可以了,只要客户端还打开着,就能接收到这个消息并作出相应。
修改 /etc/ssh/sshd_config 文件,把 ClientAliveInterval 前的注释去掉,设置为60(其实我感觉随便设置个数就可以了),ClientAliveCountMax 保持不变就行。