Date: Thu, 20 Jun 2002 15:46:32 -0700 (PDT) From: twig les <twigles@yahoo.com> To: jeremie le-hen <le-hen_j@epita.fr> Cc: freebsd-security@freebsd.org Subject: Re: SSH timeout settings Message-ID: <20020620224632.62118.qmail@web10102.mail.yahoo.com> In-Reply-To: <20020621002254.B21286@rocco.epita.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
Well I don't have the ClientAliveInterval option in my version of SSH (the one default installed in 4.4 release, not sure how to upgrade since pkg_info doesn't mention SSH) and the KeepAlive option isn't exactly what I'm looking for. BTW, under the ClientAliveInterval I noticed that it doesn't say that the server will kill the session if the client doesn't respond with activity (not just a connectivity test, I'm looking for activity). --- jeremie le-hen <le-hen_j@epita.fr> wrote: > > Hey all, I think this is an easy one masquerading > as a > > tough one.... My OpenSSH on my Free 4.4 Release > box > > just lets me keep an open session indefinitely > without > > any activity. I've read man sshd and all sorts of > > other things but no mention. > > > > So the short version is: where do I lower the > timeout > > of SSH? > > These two options from sshd(8) manual page may help > you (grabbed from my > 4.6-REALSE box -- "sshd version OpenSSH_2.9 FreeBSD > localisations 20020307") : > > ClientAliveInterval > Sets a timeout interval in seconds > after which if no data has > been received from the client, sshd > will send a message through > the encrypted channel to request a > response from the client. The > default is 0, indicating that these > messages will not be sent to > the client. This option applies to > protocol version 2 only. > > KeepAlive > Specifies whether the system should > send keepalive messages to > the other side. If they are sent, > death of the connection or > crash of one of the machines will be > properly noticed. However, > this means that connections will die if > the route is down tem- > porarily, and some people find it > annoying. On the other hand, > if keepalives are not sent, sessions > may hang indefinitely on the > server, leaving ``ghost'' users and > consuming server resources. > > The default is ``yes'' (to send > keepalives), and the server will > notice if the network goes down or the > client host reboots. This > avoids infinitely hanging sessions. > > To disable keepalives, the value should > be set to ``no'' in both > the server and the client configuration > files. > > -- > Jeremie aka TataZ > le-hen_j@epita.fr > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of > the message ===== ----------------------------------------------------------- Only fools have all the answers. ----------------------------------------------------------- __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020620224632.62118.qmail>