[sllug-members]: OpenSSH Idle Timeout
Jason Edwards
jtanium at gmail.com
Fri Jan 25 10:53:12 MST 2008
Well, I think I found the answer, from ():
If you mean "at the shell but haven't typed anything for a while" then
there's no mechanism in sshd for that right now, and it's probably not
something that sshd should be doing anyway; ssh connection != shell
session (you can have zero, 1 or many shell sessions per ssh
connection). There a couple of other options: shell timeout options (as
others have pointed out) or there's an "idle daemon" that does this for
all login types (the details escape me at the moment).
So, this if for PCI compliance, what are you doing to meet this requirement?:
8.5.15 If a session has been idle for more than 15 minutes, require
the user to re-enter the
password to re-activate the terminal
Jason
On Jan 25, 2008 9:59 AM, Jason Edwards <jtanium at gmail.com> wrote:
> Well this won't be it, from the man:
>
> "Specifies whether the system should send TCP keepalive messages
> to the other side. If they are sent, death of the connection or
> crash of one of the machines will be properly noticed. However,
> this means that connections will die if the route is down tem-
> porarily, and some people find it annoying. On the other hand,
> if TCP keepalives are not sent, sessions may hang indefinitely on
> the server, leaving ``ghost'' users and consuming server re-
> sources.
>
> The default is ``yes'' (to send TCP keepalive messages), and the
> server will notice if the network goes down or the client host
> crashes. This avoids infinitely hanging sessions.
>
> To disable TCP keepalive messages, the value should be set to 'no'."
>
> So this is on already on... Plus, it's a 'yes' or 'no' kinda thing;
> doesn't let me specify a time to kill the session...
>
> I know, why is this so hard?
>
> Jason
>
>
> On Jan 25, 2008 9:50 AM, Colby W. <colbyw at gmail.com> wrote:
> > On Jan 25, 2008 9:42 AM, Stuart Jansen <sjansen at buscaluz.org> wrote:
> > > On Fri, 2008-01-25 at 09:24 -0700, Jason Edwards wrote:
> > > > How do you set the idle timeout for OpenSSH?
> > >
> > > man sshd_config reveals: ClientAliveInterval. Give that a try.
> >
> > See also (in sshd_config(5)) : TCPKeepAlive
> >
> > --- Colby
> >
> > ______________________________________________________________________
> > See http://www.sllug.org/ for latest SLLUG news, information, links.
> > Join SLLUG and other UT LUG members on irc.FreeNode.net channel #Utah
> > sllug-members at sllug.org
> > http://www.sllug.org/cgi-bin/mailman/listinfo/sllug-members
> >
>
More information about the sllug-members
mailing list