Clark, Patti wrote:
I've been working on tweaking RHEL4 for settings to meet various
security requirements. One question that has come up is whether an ssh
session can have an idle timeout set. I'd thought that using
ClientAliveInterval and ClientAliveCountMax were the solution (restart
sshd after mods). However, I am not seeing that happen. So, the
question, are these 2 parameters suppose to work for idle timeout, or
are they used only for when the client "system" really goes to lunch?
Are there parameters for setting idle timeout for ssh sessions?
ClientAliveInterval and ClientAliveCountMax are intreded to detect when
a client is no longer connected. It is triggered by inactivity but as
long as the session is up, the server will not terminate.
There is no way built onto OpenSSH to have the server terminate the
session for inactivity. If you want this behavior you'll have to
timeout the shell being run. The easiest way to do this is setting
TMOUT in the bash environment. For Redhat this is easy. Suppose you
want 2 hour timeout (7200 seconds). Just create file called
autologout.sh with the line
export TMOUT=7200
and drop it in /etc/profile.d/ for all the server you want to timeout.
If you use cshell, this won't work because, IIRC, cshell won't
autologout if DISPLAY is set or the login is on a pseudo tty. Someone
here may know better.
--
Stephen
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
