I frequently ssh into my box at home from school, but usually when I change classes and my computer suspends, the pipe will be broken. However, ssh simply locks up - Ctrl+c, Ctrl+z and Ctrl+d have no effect.
It's annoying to have to restart my terminal, and even more annoying to have to close and re-create a new screen window.
So my question, is there an easy way to make ssh die properly (i.e. when the pipe fails "normally" it will exit with a message about a broken pipe)? Or do I have to figure out what the PID is and manually kill it?
Normal keys are forwarded over the
ssh
session, so none of those will work. Instead, use the escape sequences. To kill the current session hit subsequently Enter, ~, ..(Keep in mind that in international keyboards where
~
is set to be a composing character, you have to hit it twice: Enter, ~, ~, .)More of these escape sequences can be listed with Enter, ~, ?:
You can close the list of Escape sequences by hitting Enter.
Notice that because hitting ~~ causes
ssh
to send the~
instead of intercepting it, you can address N nestedssh
connections by hitting ~ N times. (This only applies to ~s that directly follow an Enter.) That is to say that Enter~~~~~. terminates anssh
session 5 layers deep and keeps the other 4 intact.You may also want to setup application-level keep-alives for SSH to prevent it from freezing on connection issues. My
~/.ssh/config
contains this:This makes ssh client send application-level keep-alives every 15 seconds. Whenever three of them fail consecutively (the default of
ServerAliveCountMax
), the client considers the connection as hung and closes it.Opposed to the other option
TCPKeepAlive
, this is checked within the encrypted channel and is not spoofable.It is being noted that those keep-alives also help to, uhm, keep long-idling connections alive, i.e. prevent you from having half-closed tcp sessions hanging for hours untouched.
I highly recommend turning this feature on if you run into this regularly, but you should also know about the slight security risk it may impose. A known-plaintext attack might become easier if the attacker knows the interval and contents of an idle connection. This might be the reasons for why it isn't enabled by default.
As noted in geekosaur's answer, the escape sequence
~.
will terminate the connection.The full list of escape sequences and what they do can be displayed by typing
~?
: