From: twig les
Date: Thu, 20 Jun 2002 15:46:32 -0700 (PDT)
Subject: Re: SSH timeout settings
To: jeremie le-hen
Cc: freebsd-security@freebsd.org

Well I don't have the ClientAliveInterval option in my version of SSH (the one default installed in 4.4 release, not sure how to upgrade since pkg_info doesn't mention SSH) and the KeepAlive option isn't exactly what I'm looking for. BTW, under the ClientAliveInterval I noticed that it doesn't say that the server will kill the session if the client doesn't respond with activity (not just a connectivity test, I'm looking for activity).

--- jeremie le-hen wrote:
> > Hey all, I think this is an easy one masquerading as a
> > tough one....  My OpenSSH on my Free 4.4 Release box
> > just lets me keep an open session indefinitely without
> > any activity.  I've read man sshd and all sorts of
> > other things but no mention.
> >
> > So the short version is: where do I lower the timeout
> > of SSH?
>
> These two options from sshd(8) manual page may help you (grabbed from my
> 4.6-RELEASE box -- "sshd version OpenSSH_2.9 FreeBSD localisations 20020307") :
>
>      ClientAliveInterval
>              Sets a timeout interval in seconds after which if no data has
>              been received from the client, sshd will send a message through
>              the encrypted channel to request a response from the client.  The
>              default is 0, indicating that these messages will not be sent to
>              the client.  This option applies to protocol version 2 only.
>
>      KeepAlive
>              Specifies whether the system should send keepalive messages to
>              the other side.  If they are sent, death of the connection or
>              crash of one of the machines will be properly noticed.  However,
>              this means that connections will die if the route is down
>              temporarily, and some people find it annoying.  On the other hand,
>              if keepalives are not sent, sessions may hang indefinitely on the
>              server, leaving ``ghost'' users and consuming server resources.
>
>              The default is ``yes'' (to send keepalives), and the server will
>              notice if the network goes down or the client host reboots.  This
>              avoids infinitely hanging sessions.
>
>              To disable keepalives, the value should be set to ``no'' in both
>              the server and the client configuration files.
>
> --
> Jeremie aka TataZ
> le-hen_j@epita.fr

=====
-----------------------------------------------------------
Only fools have all the answers.
-----------------------------------------------------------
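
Added example, not part of the thread or of OpenSSH: a small Python audit of the two sshd_config options quoted above, computing how long sshd waits before dropping a client that has stopped answering its probes. ClientAliveCountMax (default 3) and the first-value-wins rule do not appear in the quoted text and are assumptions here; SAMPLE_CONFIG is constructed.

```python
# Added example: report what ClientAliveInterval / KeepAlive actually buy you.
# Assumptions (not from the thread): ClientAliveCountMax defaults to 3 and is
# at least 1; sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive; comments are whole lines starting with '#'.

DEFAULTS = {"clientaliveinterval": "0", "clientalivecountmax": "3", "keepalive": "yes"}

SAMPLE_CONFIG = """\
# constructed sample, not a real host's configuration
Protocol 2
ClientAliveInterval 300
clientalivecountmax 2
KeepAlive yes
# the duplicate below is ignored because the first value wins
ClientAliveInterval 60
"""


def effective_options(config_text):
    """Return the effective value of each audited keyword (lower-cased names)."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key in DEFAULTS and key not in seen:
            seen[key] = value
    return {**DEFAULTS, **seen}


def audit(config_text):
    """Summarise dead-peer detection for the given sshd_config text."""
    opts = effective_options(config_text)
    interval = int(opts["clientaliveinterval"])
    count = int(opts["clientalivecountmax"])
    return {
        # Seconds until sshd drops a client that no longer answers probes;
        # None means the encrypted-channel probes are off (interval 0).
        "unresponsive_client_timeout": interval * count if interval > 0 else None,
        # TCP-level keepalives, the KeepAlive option from the quoted man page.
        "tcp_keepalive": opts["keepalive"].lower() == "yes",
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

The figure reported is for a client that stops answering; a connected client answers the probes automatically with nobody typing, so neither option measures user activity.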