Fwd: Re: SSH timeout logoff don't work!
Loïc Grenié thanks!! Work well! I was trying to do a script exactly like your script! Thanks and again thanks! --- Begin Message --- Hi, Le mar. 21 juin 2022 à 10:14, Conti Stefano a écrit : > Hello! In My Debian 11 SSH timeout logoff not work! I must put in .bashrc > of my user: TMOUT=600 to loogut after 10 minutes. Work, of course, but > close all bash terminal! > > This is my sshd_config with info for timeout: > > TCPKeepAlive no > ClientAliveInterval 600 > ClientAliveCountMax 0 > > Any suggest? > Maybe if [ "$(ps -o comm $PPID | tail -1)" = sshd ]; then TMOUT=600; fi This is not foolproof, but it should work if you do not abuse the system. Hope this helps, Loïc --- End Message ---
Re: SSH timeout logoff don't work!
Hi, Le mar. 21 juin 2022 à 10:14, Conti Stefano a écrit : > Hello! In My Debian 11 SSH timeout logoff not work! I must put in .bashrc > of my user: TMOUT=600 to loogut after 10 minutes. Work, of course, but > close all bash terminal! > > This is my sshd_config with info for timeout: > > TCPKeepAlive no > ClientAliveInterval 600 > ClientAliveCountMax 0 > > Any suggest? > Maybe if [ "$(ps -o comm $PPID | tail -1)" = sshd ]; then TMOUT=600; fi This is not foolproof, but it should work if you do not abuse the system. Hope this helps, Loïc
Re: : SSH timeout logoff don't work!
Le mardi 21 juin 2022 à 23:40 +0200, didier gaumet a écrit : [...] > - if you want to restrict the time of ssh connection and are in > position to modify the ssh command they use (an alias in their bashrc > for example?), perhaps you can try to force the ssh -o option with > the ConnectTimeout parameter (see ssh manpage). I have never done it > myself, so I don't know if it can solve your problem. Too quick to post: I just checked the ssh_config manpage and this ConnectTimeout parameter is only relative to the time to establish the connection, so no cigar.
Re: : SSH timeout logoff don't work!
Le mardi 21 juin 2022 à 12:52 +0200, Conti Stefano a écrit : > If I put ClientAliveCountMax 1 with ClientAliveInterval 600 timeout > is 1200 inmy Debian 11. I have try all combinations but at the moment > nothing happen; session stay alive! There is somethng but i don't > understand what keep alive the session... - just in case: do you restart sshd after modifying its setup? - As Greg Wooledge as stated, use of these sshd parameters is to permit closing of unresponsive or hung connections, not ordinary and responsive connections - if you want to restrict the time of ssh connection and are in position to modify the ssh command they use (an alias in their bashrc for example?), perhaps you can try to force the ssh -o option with the ConnectTimeout parameter (see ssh manpage). I have never done it myself, so I don't know if it can solve your problem.
Re: SSH timeout logoff don't work!
On Tue, Jun 21, 2022 at 6:04 AM Greg Wooledge wrote: > On Tue, Jun 21, 2022 at 10:05:43AM +0200, Conti Stefano wrote: > > Hello! In My Debian 11 SSH timeout logoff not work! I must put in > > .bashrc of my user: TMOUT=600 to loogut after 10 minutes. Work, of > > course, but close all bash terminal! > > > > This is my sshd_config with info for timeout: > > > > TCPKeepAlive no > > ClientAliveInterval 600 > > ClientAliveCountMax 0 > > Those settings *are not* supposed to close an idle ssh session. Nothing > in ssh is supposed to close an idle session. There isn't any facility > to do that, because it's entirely contrary to the design of ssh. > > Your TMOUT solution is the standard way to appease the managerial morons > who are asking this of you. Well, it's one of the standard ways. The other is to let the network admins do it instead. > It asks the shell to terminate if it's > sitting idle for however many seconds you specify. If the shell closes, > then the ssh session is free to close as well, assuming there are no > active tunneling connections, etc. > >
Re: SSH timeout logoff don't work!
On Tue, Jun 21, 2022 at 02:02:38PM +0200, Conti Stefano wrote: > Excuse me but i sure you that i use this practice from many years and > always work in the past. I've a other distro, an "old" Debian 9 and a > Centos 7 with SSH version 7.4p1 and i'm sure work all well because i > put ClientAliveInterval 15 and after 15 seconds SSH session closed! sshd_config(5) says: ClientAliveInterval Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. Nothing here relates to *idle* sessions. If you scroll up to the previous section: ClientAliveCountMax Sets the number of client alive messages which may be sent with‐ out sshd(8) receiving any messages back from the client. [...] The default value is 3. If ClientAliveInterval is set to 15, and ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. Setting a zero ClientAliveCountMax disables connection termina‐ tion. This still doesn't relate to idle sessions. It's there to remove *non-responsive* sessions -- ones where the client has crashed, or where the network connection between the client and server has stopped transmitting packets.
SSH timeout logoff don't work!
Excuse me but i sure you that i use this practice from many years and always work in the past. I've a other distro, an "old" Debian 9 and a Centos 7 with SSH version 7.4p1 and i'm sure work all well because i put ClientAliveInterval 15 and after 15 seconds SSH session closed! However thanks for your time of course! On Tue, Jun 21, 2022 at 10:05:43AM +0200, Conti Stefano wrote: > Hello! In My Debian 11 SSH timeout logoff not work! I must put in > .bashrc of my user: TMOUT=600 to loogut after 10 minutes. Work, of > course, but close all bash terminal! > > This is my sshd_config with info for timeout: > > TCPKeepAlive no > ClientAliveInterval 600 > ClientAliveCountMax 0 Those settings *are not* supposed to close an idle ssh session. Nothing in ssh is supposed to close an idle session. There isn't any facility to do that, because it's entirely contrary to the design of ssh. Your TMOUT solution is the standard way to appease the managerial morons who are asking this of you. It asks the shell to terminate if it's sitting idle for however many seconds you specify. If the shell closes, then the ssh session is free to close as well, assuming there are no active tunneling connections, etc.
Re: SSH timeout logoff don't work!
On Tue, Jun 21, 2022 at 10:05:43AM +0200, Conti Stefano wrote: > Hello! In My Debian 11 SSH timeout logoff not work! I must put in > .bashrc of my user: TMOUT=600 to loogut after 10 minutes. Work, of > course, but close all bash terminal! > > This is my sshd_config with info for timeout: > > TCPKeepAlive no > ClientAliveInterval 600 > ClientAliveCountMax 0 Those settings *are not* supposed to close an idle ssh session. Nothing in ssh is supposed to close an idle session. There isn't any facility to do that, because it's entirely contrary to the design of ssh. Your TMOUT solution is the standard way to appease the managerial morons who are asking this of you. It asks the shell to terminate if it's sitting idle for however many seconds you specify. If the shell closes, then the ssh session is free to close as well, assuming there are no active tunneling connections, etc.
: SSH timeout logoff don't work!
If I put ClientAliveCountMax 1 with ClientAliveInterval 600 timeout is 1200 inmy Debian 11. I have try all combinations but at the moment nothing happen; session stay alive! There is somethng but i don't understand what keep alive the session... --- Begin Message --- Le mardi 21 juin 2022 à 10:05 +0200, Conti Stefano a écrit : > Hello! In My Debian 11 SSH timeout logoff not work! I must put in > .bashrc of my user: TMOUT=600 to loogut after 10 minutes. Work, of > course, but close all bash terminal! > > This is my sshd_config with info for timeout: > > TCPKeepAlive no > ClientAliveInterval 600 > ClientAliveCountMax 0 > > Any suggest? Disclaimer: I am not knowledgeable in ssh/sshd matters If I am not wrong, from what I understand from sshd_config manpage: https://manpages.debian.org/bullseye/openssh-server/sshd_config.5.en.html this behavior is what it is supposed to be: DisconnectionDelay=ClientAliveInterval*ClientAliveCountMax (times expressed in seconds) ClientAliveCountMax set to 0 disables disconnection and is set by default to 3. For example, to have a 10mn disconnection delay, you could set: - ClientAliveCountMax to 3 (default) and ClientAliveInterval to 200 - ClientAliveCountMax to 1 and ClientAliveInterval to 600 - ClientAliveCountMax to 10 and ClientAliveInterval to 60 ... --- End Message ---
Re: SSH timeout logoff don't work!
Le mardi 21 juin 2022 à 10:05 +0200, Conti Stefano a écrit : > Hello! In My Debian 11 SSH timeout logoff not work! I must put in > .bashrc of my user: TMOUT=600 to loogut after 10 minutes. Work, of > course, but close all bash terminal! > > This is my sshd_config with info for timeout: > > TCPKeepAlive no > ClientAliveInterval 600 > ClientAliveCountMax 0 > > Any suggest? Disclaimer: I am not knowledgeable in ssh/sshd matters If I am not wrong, from what I understand from sshd_config manpage: https://manpages.debian.org/bullseye/openssh-server/sshd_config.5.en.html this behavior is what it is supposed to be: DisconnectionDelay=ClientAliveInterval*ClientAliveCountMax (times expressed in seconds) ClientAliveCountMax set to 0 disables disconnection and is set by default to 3. For example, to have a 10mn disconnection delay, you could set: - ClientAliveCountMax to 3 (default) and ClientAliveInterval to 200 - ClientAliveCountMax to 1 and ClientAliveInterval to 600 - ClientAliveCountMax to 10 and ClientAliveInterval to 60 ...
SSH timeout logoff don't work!
Hello! In My Debian 11 SSH timeout logoff not work! I must put in .bashrc of my user: TMOUT=600 to loogut after 10 minutes. Work, of course, but close all bash terminal! This is my sshd_config with info for timeout: TCPKeepAlive no ClientAliveInterval 600 ClientAliveCountMax 0 Any suggest?