From owner-freebsd-security  Thu Jun 20 18:31: 6 2002
Delivered-To: freebsd-security@freebsd.org
Received: from falcon.mail.pas.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74])
	by hub.freebsd.org (Postfix) with ESMTP id 0B2E937B40B
	for <freebsd-security@freebsd.org>; Thu, 20 Jun 2002 18:31:02 -0700 (PDT)
Received: from user-2iniu5b.dialup.mindspring.com ([165.121.120.171] helo=earthlink.net)
	by falcon.mail.pas.earthlink.net with esmtp (Exim 3.33 #2)
	id 17LDGM-0000Pj-00; Thu, 20 Jun 2002 18:30:59 -0700
Message-ID: <3D1281DE.5000804@earthlink.net>
Date: Thu, 20 Jun 2002 18:31:10 -0700
From: Lawrence Sica <lomifeh@earthlink.net>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.0.0) Gecko/20020529
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: twig les <twigles@yahoo.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SSH timeout settings
References: <20020620214512.42806.qmail@web10101.mail.yahoo.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

twig les wrote:
> Hey all, I think this is an easy one masquerading as a
> tough one....  My OpenSSH on my Free 4.4 Release box
> just lets me keep an open session indefinitely without
> any activity.  I've read man sshd and all sorts of
> other things but no mention.
> 
> So the short version is: where do I lower the timeout
> of SSH?
> 


If you are using login with ssh, then you can modify login.conf:

from man 5 login.conf

idletime 
        time		   Maximum idle time before logout.

Read the manpage for more info and don't forget to run cap_mkdb if you 
change login.conf.


Within sshd itself :

You need to add this to /etc/ssh/sshd_config:

ClientAliveInterval n

Where n is the nuber of seconds.  0 (default) is unlimited and implied.

I'd use the sshd_config option and not login, but i don't use login w/ 
ssh.

HTH

--Larry


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message