(open) sshd timeout

Gaspar Bakos gbakos at cfa.harvard.edu
Mon Mar 20 00:56:48 UTC 2006


Hello

RE:
> Found this at: http://www.unix.org.ua/orelly/networking_2ndEd/ssh/ch05_04.htm

Yes, this is a nice summary; I also found it, but openssh is not
covered here.

> SSH1 provides the IdleTimeout keyword, which tells the server what to
> do if a connection is idle, i.e., if the user doesn't transmit any

...

It appears that IdleTimeout is not supported by openssh on the daemon
side:

http://www.derkeiler.com/Mailing-Lists/securityfocus/Secure_Shell/2004-08/0034.html

It seems strange that I have to ask each user to update their .ssh/
personal config files to have a timeout based upon the keys.
E.g.:
http://linsec.ca/syshardening/openssh.php


There should be a centralized way of controlling this. I have an account
on a Debian machine with openssh, where this is somehow centrally
managed (but I have no idea how...). Inactive (but otherwise alive)
connections are stopped after a couple of hours.

> this answer myself as I am running openssh on a PC and never gave
> thought to this issue.  But then again I'm the only (authorized) user

The danger is when there are many users, some log in from the dorm,
e.g. a public computer room, and leave the connection there for
hours--days.

Cheers,
Gaspar



