[sllug-members]: OpenSSH Idle Timeout

Jason Edwards jtanium at gmail.com
Fri Jan 25 10:54:16 MST 2008 

Argh.  Here's where that quote is from...

http://www.usenet-forums.com/openssh-development/336615-re-openssh-idle-timeouts.html

Jaosn

On Jan 25, 2008 10:53 AM, Jason Edwards <jtanium at gmail.com> wrote:
> Well, I think I found the answer, from ():
>
> If you mean "at the shell but haven't typed anything for a while" then
> there's no mechanism in sshd for that right now, and it's probably not
> something that sshd should be doing anyway; ssh connection != shell
> session (you can have zero, 1 or many shell sessions per ssh
> connection). There a couple of other options: shell timeout options (as
> others have pointed out) or there's an "idle daemon" that does this for
> all login types (the details escape me at the moment).
>
> So, this if for PCI compliance, what are you doing to meet this requirement?:
>
> 8.5.15 If a session has been idle for more than 15 minutes, require
> the user to re-enter the
> password to re-activate the terminal
>
> Jason
>
>
> On Jan 25, 2008 9:59 AM, Jason Edwards <jtanium at gmail.com> wrote:
> > Well this won't be it, from the man:
> >
> > "Specifies whether the system should send TCP keepalive messages
> > to the other side.  If they are sent, death of the connection or
> > crash of one of the machines will be properly noticed.  However,
> > this means that connections will die if the route is down tem-
> > porarily, and some people find it annoying.  On the other hand,
> > if TCP keepalives are not sent, sessions may hang indefinitely on
> > the server, leaving ``ghost'' users and consuming server re-
> > sources.
> >
> > The default is ``yes'' (to send TCP keepalive messages), and the
> > server will notice if the network goes down or the client host
> > crashes.  This avoids infinitely hanging sessions.
> >
> > To disable TCP keepalive messages, the value should be set to 'no'."
> >
> > So this is on already on...  Plus, it's a 'yes' or 'no' kinda thing;
> > doesn't let me specify a time to kill the session...
> >
> > I know, why is this so hard?
> >
> > Jason
> >
> >
> > On Jan 25, 2008 9:50 AM, Colby W. <colbyw at gmail.com> wrote:
> > > On Jan 25, 2008 9:42 AM, Stuart Jansen <sjansen at buscaluz.org> wrote:
> > > > On Fri, 2008-01-25 at 09:24 -0700, Jason Edwards wrote:
> > > > > How do you set the idle timeout for OpenSSH?
> > > >
> > > > man sshd_config reveals: ClientAliveInterval. Give that a try.
> > >
> > > See also (in sshd_config(5)) : TCPKeepAlive
> > >
> > >  --- Colby
> > >
> > > ______________________________________________________________________
> > > See http://www.sllug.org/ for latest SLLUG news, information, links.
> > > Join SLLUG and other UT LUG members on irc.FreeNode.net channel #Utah
> > > sllug-members at sllug.org
> > > http://www.sllug.org/cgi-bin/mailman/listinfo/sllug-members
> > >
> >
>

More information about the sllug-members mailing list