(open) sshd timeout
Jacques B.
jjrboucher at gmail.com
Mon Mar 20 02:04:49 UTC 2006
Just tested it and it works like a charm. I used the global
/etc/profile to effect the condition. If I recall correctly anything
in ~/.bash_profile will override settings in the global /etc/profile.
So you could have a global timeout, and then different timeouts for
certain users. Of course a user could edit their own .bash_profile
and override the timeout from the global profile. So not as secure I
suppose in that sense as something in OpenSSH that an unpriviledged
end user could not change.
Out of curiosity I checked the /var/log/secure file to see if the
timeout resulted in an entry however no evidence found of same. In
/var/log/messages you do see the closed session recorded exactly x
seconds (whatever you set x as) after going idle (I simply logged in
and left it idle, so closed session was exactly 3 minutes after
opening the session - as per 180 second TMOUT I specified in
/etc/profile). However the entry is no different than if a person did
a normal exit vs a timeout. Would have been nice to have the entry
reflect that it was a timeout (good to know if a user is always
forgetting to logout, and good to know if doing log analysis on a
system pursuant to investigating an incident on the network).
Jacques B.
More information about the fedora-list
mailing list