OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: yota on March 17, 2021, 09:37:55 AM

Title: Terminate SSH session after a period of inactivity time
Post by: yota on March 17, 2021, 09:37:55 AM
Hello everyone!

I am hardening OPNsense 21.2.2; right now, I am working in SSH, but I cannot find a way to terminate an SSH session after a period of inactivity time from the user.

I have found in the sshd_config which is located in the /usr/local/etc/ssh/ directory, the following parameter:

ClientAliveInterval 30

But this is not working... using ssh with -vvv (verbosity), it looks like every 30 seconds, OPNsense sends a message to the client to check that it is alive, the SSH client answers automatically, and the connection is never closed!

I intend that after 10 mins of not using the SSH connection, OPNsense closes it automatically. Any help on this point?

Thanks a lot!

Title: Re: Terminate SSH session after a period of inactivity time
Post by: Fright on March 17, 2021, 04:17:53 PM
hi
you can try with
ClientAliveInterval 10m
ClientAliveCountMax 0
<- error. this disables session termination entirely. will update answer with pf rules

but this will only work if the client is not configured to send their own keepalives

UPD
works with:
1. Add pass-rule for GUI on pf *
2. Add pass-rule for SSH on pf with state timeout set to 600 *
* try not to shoot yourself in the foot with 'reply-to'
3. disable anti-lockout rules
4. set
ClientAliveInterval 12m
ClientAliveCountMax 1
in /usr/local/etc/inc/plugins.inc.d/openssh.inc

tcp state will be killed by pf after 10 min of inactivity
SSHD will terminate session 2 min later

but this will only work if the client is not configured to send their own keepalives

not a very beautiful solution. there must be some script
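
An added example, not part of either post and not OPNsense code: a Python check that reads the ClientAlive* values quoted in this thread and reports when sshd would drop a client that stops answering, following sshd_config(5) (first value wins, default count of 3, zero count disables termination). The function names are hypothetical, the sample configs are constructed from the values in the posts, and only the global section before any Match block is read; a client that keeps answering the probes is never dropped by these settings.

```python
import re

# Suffixes from the TIME FORMATS section of sshd_config(5); no suffix means seconds.
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_time(value):
    """Convert an sshd_config time value such as 30, 10m or 1h30m to seconds."""
    value = value.lower()
    parts = re.findall(r"(\d+)([smhdw]?)", value)
    if not parts or "".join(n + u for n, u in parts) != value:
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def keepalive_settings(config_text):
    """Return (interval_seconds, count_max) from the global section of a config."""
    found = {}
    for line in config_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue                      # blank line or comment
        if fields[0].lower() == "match":
            break                         # assumption: only global settings matter here
        if len(fields) >= 2:
            found.setdefault(fields[0].lower(), fields[1])   # first value wins
    interval = parse_time(found.get("clientaliveinterval", "0"))  # default 0 = no probes
    count_max = int(found.get("clientalivecountmax", "3"))        # default 3
    return interval, count_max

def assess(config_text):
    """Describe what happens to a client that stops answering the probes."""
    interval, count_max = keepalive_settings(config_text)
    if interval == 0:
        return "no probes: sshd never sends client alive messages"
    if count_max == 0:
        return "probes sent, but termination is disabled (ClientAliveCountMax 0)"
    # sshd_config(5): interval 15 with count 3 gives roughly 45 seconds.
    return f"unresponsive client dropped after about {interval * count_max}s"

# Constructed samples using the values quoted in the thread.
SAMPLES = {
    "first post": "ClientAliveInterval 30\n",
    "first reply": "ClientAliveInterval 10m\nClientAliveCountMax 0\n",
    "updated reply": "# set by hand\nClientAliveInterval 12m\nClientAliveCountMax 1\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {assess(text)}")
```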