SSH Server Advanced Use · Chapter 12

that. If the client alive count max is set to the default of 3, the SSH client would be disconnected after the third keepalive was sent.

Using either type of keepalive message may be required. Often an inactive session will time out in the session table of a firewall between the SSH server and SSH client. This is sometimes the cause of sessions that seem to drop when left idle. By setting one or both of the keepalive options, you can prevent this behavior and help ensure that sessions close only when you want them to.

Logging Options

Linux and the SSH process offer many options for logging. Based on the configuration options covered in this chapter, you can generate log entries from the netfilter firewall, from TCP Wrappers, and of course from sshd itself. Each of these options has its value.

It is worth pointing out that more is not always better. Sometimes the first inclination is to log as much information as possible. Besides needlessly consuming storage space and processor cycles, excessive logging may decrease security, because an administrator can sift through only so many log entries at a time. Too much information can cause the really important entries to get lost in the clutter. Determining what level of logging is appropriate will depend on your log parsing mechanisms, storage space, processor capabilities, and of course your organization's security policy.
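The keepalive discussion above, as an added example that is not from the book: a Python check that reads the global ClientAliveInterval, ClientAliveCountMax and TCPKeepAlive values from sshd_config text and compares them with the idle timeout of a firewall on the path. The sample configuration, the `firewall_idle_timeout` parameter and the function names are assumptions made for illustration, and intervals are assumed to be written as plain seconds.

```python
# Added example: audit sshd keepalive settings against a firewall idle timeout.
SAMPLE_CONFIG = """\
# constructed sample sshd_config, not taken from a real host
Port 22
TCPKeepAlive yes
ClientAliveInterval 300
#ClientAliveCountMax 3
Match User backup
    ClientAliveInterval 30
"""

# sshd defaults: client-alive messages are off (interval 0), count max is 3
DEFAULTS = {"clientaliveinterval": "0", "clientalivecountmax": "3",
            "tcpkeepalive": "yes"}

def global_settings(text):
    """Return keepalive keywords from the global section (first value wins)."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        key = parts[0].lower()                            # keywords are case-insensitive
        if key == "match":
            break  # conditional overrides are outside this example's scope
        if key in DEFAULTS and key not in found and len(parts) == 2:
            found[key] = parts[1].strip().strip('"')
    return {**DEFAULTS, **found}

def audit(text, firewall_idle_timeout):
    """firewall_idle_timeout: seconds before the firewall drops an idle session."""
    s = global_settings(text)
    interval = int(s["clientaliveinterval"])  # assumes plain seconds
    count = int(s["clientalivecountmax"])
    return {
        "interval": interval,
        "count_max": count,
        "tcp_keepalive": s["tcpkeepalive"].lower() == "yes",
        # A keepalive must cross the firewall before its idle timer expires.
        "keeps_firewall_entry_alive": 0 < interval < firewall_idle_timeout,
        # Approximate seconds until an unresponsive client is disconnected;
        # None when client-alive disconnection is not in effect.
        "drop_unresponsive_after": interval * count if interval and count else None,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, firewall_idle_timeout=600))
```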