sshd - time out idle connections

Fleuriot Damien ml at my.gd
Fri May 3 15:23:08 UTC 2013


On May 3, 2013, at 5:16 PM, Arthur Chance <freebsd at qeng-ho.org> wrote:

> On 05/03/13 15:28, Fleuriot Damien wrote:
>> Hello list,
>> 
>> 
>> 
>> I'm facing this unusual demand at work where we need to time out idle SSH connections for security purposes.
>> 
>> I've checked the following options from sshd_config but none seems to fit my needs:
>> TCPKeepAlive
>> ClientAliveCountMax
>> ClientAliveInterval
>> 
>> 
>> Basically, I'm trying to defeat the use of the following client-side option:
>> ServerAliveInterval 5
>> 
>> 
>> I'm afraid all I've hit now is dead ends.
>> 
>> 
>> Has anyone ever had the same requirements before and, perhaps, found a solution to this?
> 
> There's an idletime parameter in login.conf which will log out idle users. Normally sshd bypasses login, but the sshd config parameter UseLogin can change that, although it disables X11Forwarding.
> 
> Note: this is all from a quick perusal of the source and manuals, I've not done it myself.
> 
> -- 
> In the dungeons of Mordor, Sauron bred Orcs with LOLcats to create a
> new race of servants. Called Uruk-Oh-Hai in the Black Speech, they
> were cruel and delighted in torturing spelling and grammar.
> 
> 		_Lord of the Rings 2.0, the Web Edition_


I've already tried using login.conf's idle timeout option and was sad indeed that it didn't apply to SSH connections.

It never occurred to me that UseLogin might be involved there…

I'll have a look at it as well, thanks for your help Arthur.



More information about the freebsd-questions mailing list