Support Center > Search Results > SecureKnowledge Details
How to extend SSH session timeout and allow commands to survive beyond the SSH session closure
Solution

Background

For example, a command, such as a debug or packet capture is run, but it fails to capture relevant data because the SSH session times out. Commands run from a SSH session (such as PuTTY) self-terminate when the SSH session ends, making it difficult to run traffic captures or debugs for long periods of time.

There are two methods to address this:

  • Either increase the session idle timeout

    • On Gaia OS:

      1. Log in to Gaia Clish.

      2. Check the current Clish idle timeout:

        HostName> show inactivity-timeout

      3. Set the idle timeout of the current Clish session to maximal value (in minutes):

        HostName> set inactivity-timeout 720

        Notes: To set it permanently, also run:
        HostName> save config

      4. Log in to Expert mode.

      5. Check the current Bash idle timeout:

        [Expert@HostName]# echo $TMOUT

      6. Set the idle timeout of the current Bash session to some high value (in seconds):

        [Expert@HostName]# export TMOUT=3600

        Notes:

        • To unset the Bash session idle timeout completely, assign the value 0 (zero).
        • To set the desired Bash session idle timeout permanently, edit the /etc/bashrc file - modify the line
          from
          export TMOUT=`expr $IDLE \* 60`
          to
          export TMOUT=Desired_Value_in_Seconds


    • On SecurePlatform OS:

      1. Log in to cpshell.

      2. Check the current idle timeout:

        [HostName]# idle

        Example output:
        [MGMT]# idle
        10 minutes
        [MGMT]#
        
      3. Set the idle timeout of the current session to maximal value (in minutes):

        [HostName]# idle 999

        Note: This applies only to the current session. If you wish to increase idle timeout permanently, then set the desired value in the /etc/cpshell/cpshell.state file - modify the line
        from
        idle=10
        to
        idle=Desired_Value_in_Minutes


  • Or force the process to ignore "hangup" when an SSH session ends.

    When an SSH session ends, a "hangup" signal is sent to all of its child processes.
    There are two simple methods to prevent the signal:

    • Either disown the process

      1. Enter a command, followed by the ampersand (&) to place that command in the background.

        Example:

        [Expert@HostName]# fw monitor -e "accept host(172.16.0.1);" -o /var/log/test.cap &
        [1] 27524
        

        Where "27524" is the Process ID (PID) of the "fw monitor" command.

        We can verify this with by running a "ps -auwx" command:

        [Expert@HostName]# ps -auwx | grep "fw monitor"
        admin     27524  0.7  2.1  88268  21256 pts/2        Ss   Aug02   2:05 fw monitor -e accept host(172.16.0.1); -o /var/log/test.cap
        
      2. Disown the process (refer to manual page):

        [Expert@HostName]# disown <PID>

        In our example, the PID=27524:
        [Expert@HostName]# disown 27524

        Closing, or having the SSH session end due to timeout will no longer send a hangup to this process, since it is no longer a child process of the SSH session.

      3. Open a new SSH session to this machine and manually kill the disowned process that still runs in the background:

        [Expert@HostName]# kill <PID>

        In our example, the PID=27524:
        [Expert@HostName]# kill 27524



    • Or set the process to ignore hangups

      This method leaves the process as a child of the SSH session, but causes it to ignore the "hangup" signal from SSH when it closes.

      1. Run the desired command prepended by "nohup" and followed by the ampersand (&) to place that command in the background:

        [Expert@HostName]# nohup <Desired_Command> &

        Example:

        [Expert@HostName]# nohup fw monitor -e "accept host(172.16.0.1);" -o /var/log/test.cap &
        [1] 30209
        nohup: appending output to 'nohup.out'
        

        Notes:

        • The output of the command is piped to the text file nohup.out that is created in the same directory, from which the entire command was run.
        • The SSH session can be ended with "exit" or can time out, but the hangup signal sent to this child process will be ignored.


      2. Open a new SSH session to this machine and manually kill the process that still runs in the background:

        [Expert@HostName]# kill <PID>

        In our example, the PID=30209:
        [Expert@HostName]# kill 30209


  • How to kill the process if you don't know the PID?
    • lsof nohup.out

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment