HPE Community
Operating System - Linux
1820270 Members
3233 Online
109622 Solutions
New Discussion юеВ

ssh - idle session timeout

 
Maaz
Valued Contributor

тАО08-27-2009 11:03 PM

тАО08-27-2009 11:03 PM

ssh - idle session timeout

openssh-4.2p1-18.38.3
SLES 10 SP2
# uname -r
2.6.16.60-0.21-smp

I want to disconnect those ssh clients, who are idle more then 14 mintues

On ssh server, in /etc/ssh/sshd_config

ClientAliveInterval 5
ClientAliveCountMax 3

then restart the ssh daemon.

from ssh client(another SLE 10 SP2 box), I logs on the server, and did nothing(idle) for 20 minutes, but session was valid/remain.

what I am missing, please help

Regards
Maaz


0 Kudos
Reply
5 REPLIES 5
Matti_Kurkela
Honored Contributor

тАО08-28-2009 12:12 AM

тАО08-28-2009 12:12 AM

Re: ssh - idle session timeout

Your ClientAliveInterval and ClientAliveCountMax settings would terminate the connection in 15 seconds if your user pulls the plug (network or power) on his/her workstation without first logging out from the server.

These settings have no effect if the network connection is OK and the user is just idle (or has walked away from his/her keyboard).

I assume you use the default "bash" as the standard shell for your users?
In that case, add this to your /etc/profile:

export TMOUT=840 # 14 minutes in seconds
typeset -r TMOUT

The second command makes the TMOUT variable read-only, so the users cannot disable the timeout.

Note that this timeout works only if the user has become idle when the session is at the shell prompt: if the user has started a program and then walked away, the idleness detection must happen within that program (because the OS and the shell won't know whether a program can be stopped without causing data loss).

MK
MK
0 Kudos
Reply
Ivan Ferreira
Honored Contributor

тАО08-28-2009 04:57 AM

тАО08-28-2009 04:57 AM

Re: ssh - idle session timeout

For your case, probably you need to write an script to kill a process that is IDLE for the required time. Check the ouput of the "w" command to get the IDLE status and time. There are some scripts for doing this arround.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО08-30-2009 06:00 AM

тАО08-30-2009 06:00 AM

Re: ssh - idle session timeout

Shalom,

This change will not help.

TMEOUT variable in the shell will help with idle ssh sessions.

Once an application, even vi is run, TMEOUT will not help.

It is TIMEOUT in some distributions.

SEP
hpuxconsulting in yahoo messenger.
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Maaz
Valued Contributor

тАО08-30-2009 10:35 PM

тАО08-30-2009 10:35 PM

Re: ssh - idle session timeout

Hi Matti Kurkela

>These settings have no effect if the network connection is OK and the user is
>just idle (or has walked away from his/her keyboard).
Thanks for explaining. But how do you find this explanation ;) ? .


>Note that this timeout works only if the user has become idle when the
>session is at the shell prompt: if the user has started a program and then
>walked away, the idleness detection must happen within that program

then whats the solution ?
actually we need to lock and/or disconnect the idle users.
we normally logs on the server via ssh, but some users also logs on via vnc.

so if a user run vi(or any other program) and left his/her seat, then TMOUT is not a solution.

so is there any good solution ?

Hi Ivan Ferreira
>For your case, probably you need to write an script to kill a process that is
>IDLE for the required time.
you mean script will first kill the processes belongs to the idle user, and
then TMOUT will automatically logout the user ? because I just dont want to
kill idle user processes, but also disconnect those users too.

>There are some scripts for doing this arround.
please share ;)

Hi Steven E. Protter, thanks for the help

Regards
Maaz
0 Kudos
Reply
Maaz
Valued Contributor

тАО09-13-2009 09:50 PM

тАО09-13-2009 09:50 PM

Re: ssh - idle session timeout

>>want to disconnect those ssh clients, who are idle more then 14 mintues

here is the solution ... following works ;-)

ClientAliveInterval 900
ClientAliveCountMax 0

Matti Kurkela
>These settings have no effect if the network
>connection is OK and the user is just idle >or
>has walked away from his/her keyboard).
Dear, the above setting will disconnect the idle session of the user... even if the network connection is OK

thanks for help

Regards
Maaz
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.