Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 3 May 2013 17:23:05 +0200
From:      Fleuriot Damien <ml@my.gd>
To:        Arthur Chance <freebsd@qeng-ho.org>
Cc:        FreeBSD questions <freebsd-questions@freebsd.org>
Subject:   Re: sshd - time out idle connections
Message-ID:  <7A4DFB0E-05E5-4147-B9D4-E797458D30F8@my.gd>
In-Reply-To: <5183D4B7.9050204@qeng-ho.org>
References:  <1698EAB7-4B40-466D-98CB-782E9E494578@my.gd> <5183D4B7.9050204@qeng-ho.org>

next in thread | previous in thread | raw e-mail | index | archive | help

On May 3, 2013, at 5:16 PM, Arthur Chance <freebsd@qeng-ho.org> wrote:

> On 05/03/13 15:28, Fleuriot Damien wrote:
>> Hello list,
>>=20
>>=20
>>=20
>> I'm facing this unusual demand at work where we need to time out idle =
SSH connections for security purposes.
>>=20
>> I've checked the following options from sshd_config but none seems to =
fit my needs :
>> TCPKeepAlive
>> ClientAliveCountMax
>> ClientAliveInterval
>>=20
>>=20
>> Basically, I'm trying to defeat the use of the following client-side =
option:
>> ServerAliveInterval 5
>>=20
>>=20
>> I'm afraid all I've hit now is dead ends.
>>=20
>>=20
>> Has anyone ever had the same requirements before and, perhaps, found =
a solution to this ?
>=20
> There's an idletime parameter in login.conf which will log out idle =
users. Normally sshd bypasses login, but the sshd config parameter =
UseLogin can change that, although it disables X11Forwarding.
>=20
> Note: this is all from a quick perusal of the source and manuals, I've =
not done it myself.
>=20
> --=20
> In the dungeons of Mordor, Sauron bred Orcs with LOLcats to create a
> new race of servants. Called Uruk-Oh-Hai in the Black Speech, they
> were cruel and delighted in torturing spelling and grammar.
>=20
> 		_Lord of the Rings 2.0, the Web Edition_


I've already tried using login.conf 's idle timeout option and was sad =
indeed that it didn't apply to SSH connections.

It never occured to me that UseLogin might be involved there=85

I'll have a look at it as well, thanks for your help Arthur.




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7A4DFB0E-05E5-4147-B9D4-E797458D30F8>