From owner-freebsd-questions@FreeBSD.ORG Fri May 3 15:05:42 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 053738F1 for ; Fri, 3 May 2013 15:05:42 +0000 (UTC) (envelope-from ml@my.gd) Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) by mx1.freebsd.org (Postfix) with ESMTP id 9325416BC for ; Fri, 3 May 2013 15:05:41 +0000 (UTC) Received: by mail-wi0-f181.google.com with SMTP id ey16so713214wid.8 for ; Fri, 03 May 2013 08:05:40 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:content-transfer-encoding:message-id:references:to:x-mailer :x-gm-message-state; bh=8AOk5pgB2oph/d/QmRsqGAqM+sC5ToEJ1jjfmPFjssY=; b=aOFgAfvseX/5AA69K89rb5aaj2jnjmHACRBzGmS5dWQfeIlyJVSVJaMPt0hsUkgms5 48dMcA4joTEiuVWwUDEG9ztN/fsuIZ8uXHgvn8zpGrv37Tp06cPGFc/5n0eNB98T3N9T C6dNak7mNBD3nn9KPe+Cx676XaemWBHEHeO98mcQRQ9lJXQxquqA+fUO8w6oQn/iOicv blaH/LslIFTlNn4+59ZjaM4YopkhAge5T/IQcdimDnm2jcxbLt+b/+CI7AA8UfCX7KKf waPObJwHLTp0cysqp6Pb9cgipmYM2KA/jGaYPPHy8qM5bayX7FaVKGn3HHDNCfLsiBU2 IMDA== X-Received: by 10.180.94.196 with SMTP id de4mr13875340wib.23.1367593540799; Fri, 03 May 2013 08:05:40 -0700 (PDT) Received: from dfleuriot.paris.hi-media-techno.com ([83.167.62.196]) by mx.google.com with ESMTPSA id q20sm17651354wiv.7.2013.05.03.08.05.39 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 03 May 2013 08:05:39 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\)) Subject: Re: sshd - time out idle connections From: Fleuriot Damien In-Reply-To: <5183CEF5.1070604@ssimicro.com> Date: Fri, 3 May 2013 17:05:38 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: <13EF2CCE-397D-4456-A553-B331D9314C26@my.gd> References: <1698EAB7-4B40-466D-98CB-782E9E494578@my.gd> <5183CEF5.1070604@ssimicro.com> To: markham breitbach X-Mailer: Apple Mail (2.1503) X-Gm-Message-State: ALoCoQnrdtfBoBVBZAgpCVgR2efJUSqfTteNkeXMQP56cOl7sSvesAIOO3eiMrtYYHkwhXww7urz Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 May 2013 15:05:42 -0000 Thanks for your response Markham, I'm afraid labor law is much too protective here for us to be able to = "educate" users in this way ;) Your idea to run a cron job every X minutes has merit though, I'll try = and check into that ! On May 3, 2013, at 4:51 PM, markham breitbach = wrote: > Depending on the shell you are using, you may be able to set that to = auto-logout, or you > could set a cron job to run every 5 minutes and terminate tty's with > = 5min idle time. >=20 > Honestly though, you will rarely find a good technical solution to a = social > problem--there's always a work-around--and this is a social problem. = If there is a > company security policy stating that ssh sessions are not to be left = idling > 5 min, then > make sure everyone is aware of this policy and start handing out pink = slips to people that > violate it. >=20 > -M >=20 >=20 > On 13-05-03 8:28 AM, Fleuriot Damien wrote: >> Hello list, >>=20 >>=20 >>=20 >> I'm facing this unusual demand at work where we need to time out idle = SSH connections for security purposes. >>=20 >> I've checked the following options from sshd_config but none seems to = fit my needs : >> TCPKeepAlive >> ClientAliveCountMax >> ClientAliveInterval >>=20 >>=20 >> Basically, I'm trying to defeat the use of the following client-side = option: >> ServerAliveInterval 5 >>=20 >>=20 >> I'm afraid all I've hit now is dead ends. >>=20 >>=20 >> Has anyone ever had the same requirements before and, perhaps, found = a solution to this ? >>=20 >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org" >=20 > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org"