From: Fleuriot Damien
To: Arthur Chance
Cc: FreeBSD questions
Subject: Re: sshd - time out idle connections
Date: Fri, 3 May 2013 17:23:05 +0200

On May 3, 2013, at 5:16 PM, Arthur Chance wrote:

> On 05/03/13 15:28, Fleuriot Damien wrote:
>> Hello list,
>>
>> I'm facing this unusual demand at work where we need to time out idle SSH connections for security purposes.
>>
>> I've checked the following options from sshd_config but none seems to fit my needs:
>> TCPKeepAlive
>> ClientAliveCountMax
>> ClientAliveInterval
>>
>> Basically, I'm trying to defeat the use of the following client-side option:
>> ServerAliveInterval 5
>>
>> I'm afraid all I've hit now is dead ends.
>>
>> Has anyone ever had the same requirements before and, perhaps, found a solution to this?
>
> There's an idletime parameter in login.conf which will log out idle users. Normally sshd bypasses login, but the sshd config parameter UseLogin can change that, although it disables X11Forwarding.
>
> Note: this is all from a quick perusal of the source and manuals, I've not done it myself.
>
> --
> In the dungeons of Mordor, Sauron bred Orcs with LOLcats to create a
> new race of servants. Called Uruk-Oh-Hai in the Black Speech, they
> were cruel and delighted in torturing spelling and grammar.
>
> _Lord of the Rings 2.0, the Web Edition_

I've already tried using login.conf's idle timeout option and was sad indeed that it didn't apply to SSH connections.

It never occurred to me that UseLogin might be involved there…

I'll have a look at it as well, thanks for your help Arthur.