Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 03 May 2013 16:16:07 +0100
From:      Arthur Chance <freebsd@qeng-ho.org>
To:        Fleuriot Damien <ml@my.gd>
Cc:        FreeBSD questions <freebsd-questions@freebsd.org>
Subject:   Re: sshd - time out idle connections
Message-ID:  <5183D4B7.9050204@qeng-ho.org>
In-Reply-To: <1698EAB7-4B40-466D-98CB-782E9E494578@my.gd>
References:  <1698EAB7-4B40-466D-98CB-782E9E494578@my.gd>

next in thread | previous in thread | raw e-mail | index | archive | help
On 05/03/13 15:28, Fleuriot Damien wrote:
> Hello list,
>
>
>
> I'm facing this unusual demand at work where we need to time out idle SSH connections for security purposes.
>
> I've checked the following options from sshd_config but none seems to fit my needs :
> TCPKeepAlive
> ClientAliveCountMax
> ClientAliveInterval
>
>
> Basically, I'm trying to defeat the use of the following client-side option:
> ServerAliveInterval 5
>
>
> I'm afraid all I've hit now is dead ends.
>
>
> Has anyone ever had the same requirements before and, perhaps, found a solution to this ?

There's an idletime parameter in login.conf which will log out idle 
users. Normally sshd bypasses login, but the sshd config parameter 
UseLogin can change that, although it disables X11Forwarding.

Note: this is all from a quick perusal of the source and manuals, I've 
not done it myself.

-- 
In the dungeons of Mordor, Sauron bred Orcs with LOLcats to create a
new race of servants. Called Uruk-Oh-Hai in the Black Speech, they
were cruel and delighted in torturing spelling and grammar.

		_Lord of the Rings 2.0, the Web Edition_



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5183D4B7.9050204>