[sllug-members]: OpenSSH Idle Timeout
Jason Edwards
jtanium at gmail.com
Fri Jan 25 15:33:58 MST 2008
Well, thanks for that input... I guess that will just have to do...
The lame thing about the Bash idle timeout, is users can easily fix
that by adding "unset TMOUT" to their .bash_profile.
I looked if there was a way to do it in iptables, similar to the way
my stupid WRT45G kills my ssh connections after, like, 30 minutes, but
couldn't find anything. I imagine you'd have to pull in the recent
module -- it would be tricky, no doubt about it.
Jason
On Jan 25, 2008 11:51 AM, Andrew Johnson <andrewjohnson at mail.weber.edu> wrote:
> > So, this if for PCI compliance, what are you doing to meet this requirement?:
> >
> > 8.5.15 If a session has been idle for more than 15 minutes, require
> > the user to re-enter the
> > password to re-activate the terminal
>
> If this is what you want, consider forcing your users into a "screen"
> session. You can set the idle option to fifteen minutes and run
> something like "away" or "vlock" which will require a password to
> unlock. Something like this would prevent walkaway users from being a
> security risk without cutting them off cold.
>
> ______________________________________________________________________
> See http://www.sllug.org/ for latest SLLUG news, information, links.
> Join SLLUG and other UT LUG members on irc.FreeNode.net channel #Utah
> sllug-members at sllug.org
> http://www.sllug.org/cgi-bin/mailman/listinfo/sllug-members
>
More information about the sllug-members
mailing list