sshd - time out idle connections
jrisom at gmail.com
Fri May 3 21:27:20 UTC 2013
On 5/3/2013 10:05 AM, Fleuriot Damien wrote:
> Thanks for your response Markham,
> I'm afraid labor law is much too protective here for us to be able to "educate" users in this way ;)
> Your idea to run a cron job every X minutes has merit though, I'll try and check into that!

If labor law's stopping you, what does the law say about
security/privacy breaches because someone stole a laptop that was still
connected to your server?

Run a cron job, and kill any ssh process that's lasted longer than five
minutes; ignore what's being run. Also kill any detached process by
that user. If you must do something, you probably have sudo rights to
pause cron. Why are you allowing ssh if you're not letting it be usable?

I might also look into the annoyance of having a different
authentication method just for ssh, setting its PAM config to be
different than other services. If everything else uses Kerberos, have
ssh just use unix and not Kerberos. It seems like a simple way to
further limit access.
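
The cron job suggested in the reply above, sketched as an added example that is not part of the original post: it selects sshd session processes by age (not idleness), using the five-minute limit from the post. The names `etime_to_seconds`, `select_stale`, `sample_ps`, `MAX_AGE`, `KILL` and `--run` are hypothetical, and the `sshd: user@tty` process title is an assumption about how the local sshd labels its session processes.

```shell
#!/bin/sh
# Added example: select sshd session processes older than MAX_AGE seconds.
MAX_AGE=${MAX_AGE:-300}   # five minutes, the limit suggested in the post

# Convert a ps "etime" value ([[dd-]hh:]mm:ss) to seconds.
etime_to_seconds() {
    echo "$1" | awk -F'[-:]' '{
        n = NF; s = $n + 60 * $(n - 1)
        if (n >= 3) s += 3600 * $(n - 2)
        if (n == 4) s += 86400 * $1
        print s
    }'
}

# Read "PID ETIME USER COMMAND..." lines on stdin, print stale session PIDs.
# Assumption: per-session processes carry the title "sshd: user@tty";
# the listener and the "[priv]" monitor are skipped.
select_stale() {
    while read -r pid etime user cmd rest; do
        [ "$cmd" = "sshd:" ] || continue
        case "$rest" in *@*) ;; *) continue ;; esac
        if [ "$(etime_to_seconds "$etime")" -gt "$MAX_AGE" ]; then
            echo "$pid"
        fi
    done
    return 0
}

# Constructed sample of ps output, for a dry run without touching the system.
sample_ps() {
    cat <<'EOF'
  812 12-03:14:07 root  /usr/sbin/sshd
 2101       04:59 alice sshd: alice@pts/0
 2210       05:01 bob   sshd: bob@pts/1
 2300    01:02:03 carol sshd: carol@notty
 2305    01:02:03 root  sshd: carol [priv]
EOF
}

# From cron: "script --run" lists stale sessions; add KILL=1 to hang them up.
if [ "${1:-}" = "--run" ]; then
    ps -ax -o pid=,etime=,user=,command= | select_stale | while read -r pid; do
        if [ "${KILL:-0}" = 1 ]; then kill -HUP "$pid"; else echo "stale: $pid"; fi
    done
fi
```

Running `sample_ps | select_stale` exercises the selection logic on the constructed lines without signalling any process.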