An idle or unattended session can be insecure, so we should set a timeout: if a user is not using their SSH session, it should be disconnected after some time. The SSH server configuration has directives that can do this.
First we have to understand how these work. Let's look at an example in which a session is disconnected after 3 minutes of idle time.
ClientAliveInterval 60
ClientAliveCountMax 3
Explanation of these directives
ClientAliveCountMax -- This is the number of client alive messages that may be sent without sshd receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. The client alive messages are sent through the encrypted channel and therefore will not be spoofable.
ClientAliveInterval -- This is the timeout interval after which, if no data has been received from the client, the SSH server will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client.
So after every 60 seconds (ClientAliveInterval) the SSH server will send a message through the encrypted channel to request a response from the client. This will repeat 3 times (ClientAliveCountMax), which means that after 3 minutes the session is disconnected if there is no response from the client.
After editing the SSH configuration file /etc/ssh/sshd_config, restart the SSH service.
### In case of RHEL 4, 5 and 6 ###
# service sshd restart
### In case of RHEL 7 ###
# systemctl restart sshd
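To check which disconnect time the two directives produce in a given configuration file, the interval-times-count calculation described above can be scripted. This is an added example, not part of the original post; the function name ssh_alive_timeout is hypothetical, and it assumes plain integer values, whitespace between keyword and value, and no Include files.

```shell
# Added example (not from the original post): report the disconnect time in
# seconds implied by the global ClientAlive* settings of an sshd_config file.
# Assumptions: plain integer values, whitespace-separated keyword and value,
# Include files are not followed, Match blocks are ignored.
ssh_alive_timeout() {
    awk '
        BEGIN { interval = 0; count = 3 }      # sshd defaults when unset
        /^[ \t]*#/ || NF == 0 { next }         # skip comments and blank lines
        tolower($1) == "match" { exit }        # global section ends at first Match
        # sshd keeps the first value it sees for each keyword
        tolower($1) == "clientaliveinterval" && !seen_i { interval = $2; seen_i = 1 }
        tolower($1) == "clientalivecountmax" && !seen_c { count = $2; seen_c = 1 }
        END {
            if (interval !~ /^[0-9]+$/ || count !~ /^[0-9]+$/)
                print "unparsed"               # e.g. a time suffix, not handled here
            else if (interval + 0 == 0)
                print "disabled"               # no client alive messages are sent
            else if (count + 0 == 0)
                print "unknown"                # meaning of 0 differs by OpenSSH version
            else
                print interval * count
        }
    ' "$1"
}

# Constructed sample file using the values from this post, plus a Match block
# that the function deliberately ignores.
sample=$(mktemp)
printf '%s\n' \
    '# constructed sample' \
    'Port 22' \
    'ClientAliveInterval 60' \
    'ClientAliveCountMax 3' \
    'Match User backup' \
    '    ClientAliveInterval 0' > "$sample"
ssh_alive_timeout "$sample"
rm -f "$sample"
```

On a real server, running sshd -t as root before the restart checks the edited file for syntax errors.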