How can I break out of ssh when it locks?
I frequently ssh into my box at home from school, but usually when I change classes and my computer suspends, the pipe will be broken. However, ssh simply locks up - Ctrl+c, Ctrl+z and Ctrl+d have no effect.
It's annoying to have to restart my terminal, and even more annoying to have to close and re-create a new screen window.
So my question, is there an easy way to make ssh die properly (i.e. when the pipe fails "normally" it will exit with a message about a broken pipe)? Or do I have to figure out what the PID is and manually kill it?
Solution 1:
Normal keys are forwarded over the ssh
session, so none of those will work. Instead, use the escape sequences. To kill the current session hit subsequently Enter, ~, ..
(Keep in mind that in international keyboards where ~
is set to be a composing character, you have to hit it twice: Enter, ~, ~, .)
More of these escape sequences can be listed with Enter, ~, ?:
Supported escape sequences:
~. - terminate connection (and any multiplexed sessions)
~B - send a BREAK to the remote system
~C - open a command line
~R - request rekey
~V/v - decrease/increase verbosity (LogLevel)
~^Z - suspend ssh
~# - list forwarded connections
~& - background ssh (when waiting for connections to terminate)
~? - this message
~~ - send the escape character by typing it twice
(Note that escapes are only recognized immediately after newline.)
You can close the list of Escape sequences by hitting Enter.
Notice that because hitting ~~ causes ssh
to send the ~
instead of intercepting it, you can address N nested ssh
connections by hitting ~ N times. (This only applies to ~s that directly follow an Enter.) That is to say that Enter~~~~~. terminates an ssh
session 5 layers deep and keeps the other 4 intact.
Solution 2:
You may also want to setup application-level keep-alives for SSH to prevent it from freezing on connection issues. My ~/.ssh/config
contains this:
Host *
ServerAliveInterval 15
# ServerAliveCountMax 3
This makes ssh client send application-level keep-alives every 15 seconds. Whenever three of them fail consecutively (the default of ServerAliveCountMax
), the client considers the connection as hung and closes it.
Opposed to the other option TCPKeepAlive
, this is checked within the encrypted channel and is not spoofable.
It is being noted that those keep-alives also help to, uhm, keep long-idling connections alive, i.e. prevent you from having half-closed tcp sessions hanging for hours untouched.
I highly recommend turning this feature on if you run into this regularly, but you should also know about the slight security risk it may impose. A known-plaintext attack might become easier if the attacker knows the interval and contents of an idle connection. This might be the reasons for why it isn't enabled by default.
Solution 3:
As noted in geekosaur's answer, the escape sequence ~.
will terminate the connection.
The full list of escape sequences and what they do can be displayed by typing ~?
:
Supported escape sequences:
~. - terminate connection (and any multiplexed sessions)
~B - send a BREAK to the remote system
~C - open a command line
~R - Request rekey (SSH protocol 2 only)
~^Z - suspend ssh
~# - list forwarded connections
~& - background ssh (when waiting for connections to terminate)
~? - this message
~~ - send the escape character by typing it twice
(Note that escapes are only recognized immediately after newline.)