SSH connection timeout?

Stephen Carville stephen at totalflood.com
Sun Feb 18 01:03:55 UTC 2007


Clark, Patti wrote:
> I've been working on tweaking RHEL4 for settings to meet various
> security requirements.  One question that has come up is whether an ssh
> session can have an idle timeout set.  I'd thought that using
> ClientAliveInterval and ClientAliveCountMax were the solution (restart
> sshd after mods).  However, I am not seeing that happen.  So, the
> question, are these 2 parameters supposed to work for idle timeout, or
> are they used only for when the client "system" really goes to lunch?
> Are there parameters for setting idle timeout for ssh sessions?

ClientAliveInterval and ClientAliveCountMax are intended to detect when 
a client is no longer connected.  It is triggered by inactivity but as 
long as the session is up, the server will not terminate.

There is no way built into OpenSSH to have the server terminate the 
session for inactivity.  If you want this behavior you'll have to 
timeout the shell being run.  The easiest way to do this is setting 
TMOUT in the bash environment. For Redhat this is easy.  Suppose you 
want a 2 hour timeout (7200 seconds). Just create a file called 
autologout.sh with the line

export TMOUT=7200

and drop it in /etc/profile.d/ for all the servers you want to timeout.

If you use cshell, this won't work because, IIRC, cshell won't 
autologout if DISPLAY is set or the login is on a pseudo tty. Someone 
here may know better.

--
Stephen
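
Added example, not part of the original message: a sketch that writes the autologout.sh snippet described above and checks what a bash shell sourcing it ends up with. The function names and the scratch directory are assumptions, and the optional "lock" mode (marking TMOUT readonly so a user cannot reset it in the session) goes beyond what the post describes.

```shell
#!/bin/sh
# Added example: generate autologout.sh and verify it with bash.
# write_autologout and check_autologout are hypothetical helper names.

# write_autologout DIR SECONDS [lock]
# Writes DIR/autologout.sh; with "lock" TMOUT is also made readonly.
write_autologout() {
    dir=$1; secs=$2; lock=${3:-}
    case $secs in
        ''|*[!0-9]*) echo "seconds must be a whole number" >&2; return 2 ;;
    esac
    f="$dir/autologout.sh"
    {
        echo "# idle timeout for interactive bash sessions, in seconds"
        if [ "$lock" = lock ]; then
            echo "TMOUT=$secs"
            echo "readonly TMOUT"
            echo "export TMOUT"
        else
            echo "export TMOUT=$secs"
        fi
    } > "$f" && chmod 644 "$f"
}

# check_autologout FILE
# Sources FILE in a fresh bash and prints "<TMOUT> locked" or
# "<TMOUT> overridable", depending on whether TMOUT can be reassigned.
check_autologout() {
    bash -c '
        . "$1" || exit 1
        # Try the reassignment in a subshell so a readonly error stays contained.
        if (TMOUT=0) 2>/dev/null; then state=overridable; else state=locked; fi
        printf "%s %s\n" "$TMOUT" "$state"
    ' _ "$1"
}

# Demo in a scratch directory (constructed path, not /etc/profile.d).
d=$(mktemp -d)
write_autologout "$d" 7200
check_autologout "$d/autologout.sh"
write_autologout "$d" 7200 lock
check_autologout "$d/autologout.sh"
rm -rf "$d"
```

On a real host the first argument would be /etc/profile.d, and the result only applies to shells started after the file is in place.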



