Web lists-archives.com

Re: OpenSSH not closing idle sessions.




Greg Wooledge wrote:
> Most people want the exact opposite of that.

I don't really know the OP's rationale, but terminating an idle ssh
session is a step in the requirements/guidelines (STIG [1]) for
hardening systems for the US Department of Defense.

> Basically, what you're asking for is directly hostile to any kind of
> sane operation of a computer.

I'm not going to defend this requirement, merely showing one example
where one would want (or would have to) configure the ssh server this
way.

> > ClientAliveInterval 5

This is the setting that the STIG ID RHEL-07-040320 in [2] suggests to
edit.

Thomas

[1] https://iase.disa.mil/stigs
[2] https://rhel7stig.readthedocs.io/en/latest/medium.html#v-72237-all-network-connections-associated-with-ssh-traffic-must-terminate-at-the-end-of-the-session-or-after-10-minutes-of-inactivity-except-to-fulfill-documented-and-validated-mission-requirements-rhel-07-040320