Understanding SSH Session Timeout and Authentication Logs on Edge Nodes
search cancel

Understanding SSH Session Timeout and Authentication Logs on Edge Nodes

book

Article ID: 398654

calendar_today

Updated On: 05-23-2025

Products

VMware NSX

Issue/Introduction

This article provides insights into SSH session timeout configurations and authentication log entries on Edge nodes. It explains the default inactivity timeout settings for admin and root accounts, how to verify and modify these settings, and how to analyse authentication logs (auth.log) to track login/logout events.

Additionally, it explores potential client-side factors that may contribute to SSH session disconnects. By understanding these parameters, administrators can optimise SSH session behaviour and troubleshoot unexpected disconnects effectively.

Environment

VMware NSX

Resolution

The Edge node maintains an authentication log (auth.log) under /var/log/, which records login and logout events whenever an SSH session is established. The log includes timestamps and source IP addresses for session tracking.

The default inactivity timeout for SSH sessions under the admin account is 600 seconds (10 minutes).

This setting can be verified and changed using the command:

get cli-timeout
set cli-timeout <timeout-arg>

where <timeout-arg> represents the timeout duration in seconds.

 

Below is an example of an SSH authentication request from <source IP address> on port <source port>, associated with session 123456. This session remained active for 10 minutes (600 seconds) before terminating.

auth.log:YYYY-MM-DDTHH:00:SS.SSSZ <edge node hostname> systemd-logind 2499 - - Accepted password for admin from <source IP address> port <source port> ssh2
auth.log:YYYY-MM-DDTHH:00:SS.SSSZ <edge node hostname> systemd-logind 2499 - - New session 123456 of user admin.
auth.log:YYYY-MM-DDTHH:10:SS.SSSZ <edge node hostname> systemd-logind 2499 - - Session 123456 logged out. Waiting for processes to exit.
auth.log:YYYY-MM-DDTHH:10:SS.SSSZ <edge node hostname> systemd-logind 2499 - - Removed session 123456.

 

The above configuration applies only to the admin account. If troubleshooting SSH session disconnects for the root account, check the SSH configuration file under /etc/ssh/sshd_config:

root@EdgeNode:~# cat /etc/ssh/sshd_config | grep -i client
ClientAliveInterval 180
ClientAliveCountMax 2

This above configuration defines a default SSH inactivity timeout of 6 minutes ( 2 keepalive packets, each sent at 180 second intervals, resulting in a total timeout of 360 seconds ) if no response is received from the client. Additionally, client side SSH timeout settings may also influence session termination, potentially leading to premature disconnects.

 

Powered by Wolken Software