[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: (open) sshd timeout



Hello

RE:
> Found this at: http://www.unix.org.ua/orelly/networking_2ndEd/ssh/ch05_04.htm

Yes, this is a nice summary; I also found it, but openssh is not
covered here.

> SSH1 provides the IdleTimeout keyword, which tells the server what to
> do if a connection is idle, i.e., if the user doesn't transmit any

...

It appears that IdleTimeout is not supported by openssh on the daemon
side:

http://www.derkeiler.com/Mailing-Lists/securityfocus/Secure_Shell/2004-08/0034.html

It seems strange that I have to ask each user to update their .ssh/
personal config files to have a timeout based upon the keys.
E.g.:
http://linsec.ca/syshardening/openssh.php


There should be a centralized way of controlling this. I have account
on a debian machine with openssh, where this is somehow centrally
managed (but I have no idea how...). Inactive (but otherwise alive)
connections are stopped after a couple of hours.

> this answer myself as I am running openssh on a PC and never gave
> thought to this issue.  But then again I'm the only (authorized) user

The danger is when there are many users, some log in from the dorm,
e.g. a public computer room, and leave the connection there for
hours--days.

Cheers,
Gaspar


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]