From owner-freebsd-security Sat Jun 22 4:34:26 2002 Delivered-To: freebsd-security@freebsd.org Received: from gs166.sp.cs.cmu.edu (GS166.SP.CS.CMU.EDU [128.2.205.169]) by hub.freebsd.org (Postfix) with SMTP id 722AE37B400 for ; Sat, 22 Jun 2002 04:34:21 -0700 (PDT) To: Lawrence Sica Cc: twig les , freebsd-security@FreeBSD.ORG Subject: Re: SSH timeout settings References: <20020620214512.42806.qmail@web10101.mail.yahoo.com> <3D1281DE.5000804@earthlink.net> From: Dan Pelleg Date: 22 Jun 2002 07:33:37 -0400 In-Reply-To: <3D1281DE.5000804@earthlink.net> Message-ID: Lines: 36 User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Lawrence Sica writes: > twig les wrote: > > Hey all, I think this is an easy one masquerading as a > > tough one.... My OpenSSH on my Free 4.4 Release box > > just lets me keep an open session indefinitely without > > any activity. I've read man sshd and all sorts of > > other things but no mention. > > So the short version is: where do I lower the timeout > > > of SSH? > > > > > > If you are using login with ssh, then you can modify login.conf: > > from man 5 login.conf > > idletime time Maximum idle time before logout. > > > Read the manpage for more info and don't forget to run cap_mkdb if you > change login.conf. > Does this actually work for you? There have been reports by different people that this is a no-op. A very old PR (conf/9874) suggests it was never implemented and should be removed from the manpage. The are at least two ports (blimitd and idled) that claim to enforce this limit - I've tried neither. -- Dan Pelleg To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message