[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SSH connection timeout?



Clark, Patti wrote:
I've been working on tweaking RHEL4 for settings to meet various
security requirements.  One question that has come up is whether an ssh
session can have an idle timeout set.  I'd thought that using
ClientAliveInterval and ClientAliveCountMax were the solution (restart
sshd after mods).  However, I am not seeing that happen.  So, the
question, are these 2 parameters suppose to work for idle timeout, or
are they used only for when the client "system" really goes to lunch?
Are there parameters for setting idle timeout for ssh sessions?

ClientAliveInterval and ClientAliveCountMax are intreded to detect when a client is no longer connected. It is triggered by inactivity but as long as the session is up, the server will not terminate.

There is no way built onto OpenSSH to have the server terminate the session for inactivity. If you want this behavior you'll have to timeout the shell being run. The easiest way to do this is setting TMOUT in the bash environment. For Redhat this is easy. Suppose you want 2 hour timeout (7200 seconds). Just create file called autologout.sh with the line

export TMOUT=7200

and drop it in /etc/profile.d/ for all the server you want to timeout.

If you use cshell, this won't work because, IIRC, cshell won't autologout if DISPLAY is set or the login is on a pseudo tty. Someone here may know better.

--
Stephen



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]