Solaris10 如何设置空闲ssh连接超时断开

在ssh的配置文件中有2个参数可以控制空闲连接超时断开。这2个参数是ClientAliveCountMax和ClientAliveInterval。

Solaris10上设置空闲ssh连接超时断开的方法如下：

修改/etc/ssh/sshd_config文件，在文件中加入以下内容：
ClientAliveCountMax = 0
ClientAliveInterval = 600   #单位是秒

然后重启ssh服务：
#> svcadm restart ssh

这两个参数的说明参见man sshd_config

ClientAliveCountMax

Sets the number of client  alive  messages  (see  Clien-
tAliveInterval,  below)  that  can  be sent without sshd
receiving any messages back from  the  client.  If  this
threshold  is  reached  while  client alive messages are
being sent, sshd will disconnect the client, terminating
the  session.  It  is  important to note that the use of
client alive messages is very different  from  KeepAlive
(see  below). The client alive messages are sent through
the encrypted channel and therefore will not be  spoofa-
ble.  The  TCP  keepalive option enabled by KeepAlive is
spoofable. The client alive mechanism is valuable when a
client or server depend on knowing when a connection has
become inactive.

The default value is 3. If  ClientAliveInterval  (below)
is  set  to  15,  and ClientAliveCountMax is left at the
default, unresponsive ssh clients will  be  disconnected
after approximately 45 seconds.

ClientAliveInterval

Sets a timeout interval in seconds after  which,  if  no
data  has  been  received  from the client, sshd sends a
message through  the  encrypted  channel  to  request  a
response  from  the client. The default is 0, indicating
that these messages will not be sent to the client. This
option applies only to protocol version 2.

需要说明的是man里的说明似乎有错误。按照man里面的说明，如果设置ClientAliveCountMax＝3，ClientAliveInterval=15，空闲连接应该在45秒左右自动断开，但实际测试时发现必须设置ClientAliveCountMax＝0，空闲连接才能自动断开。