Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Terminate SSH session after a period of inactivity time
« previous
next »
Print
Pages: [
1
]
Author
Topic: Terminate SSH session after a period of inactivity time (Read 2049 times)
yota
Newbie
Posts: 1
Karma: 0
Terminate SSH session after a period of inactivity time
«
on:
March 17, 2021, 09:37:55 am »
Hello everyone!
I am hardening OPNsense 21.2.2; right now, I am working in SSH, but I cannot find a way to terminate an SSH session after a period of inactivity time from the user.
I have found in the sshd_config which is located in the /usr/local/etc/ssh/ directory, the following parameter:
ClientAliveInterval 30
But this is not working... using ssh with -vvv (verbosity), it looks like every 30 seconds, OPNsense sends a message to the client to check that it is alive, the SSH client answer automatically, and the connection is never closed!
I intend that after 10 mins of not using the SSH connection, OPNsense closes it automatically. Any help on this point?
Thanks a lot!
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: Terminate SSH session after a period of inactivity time
«
Reply #1 on:
March 17, 2021, 04:17:53 pm »
hi
you can try with
ClientAliveInterval 10m
ClientAliveCountMax 0
<- error. this disables sessions termination at all. will update answer with pf rules
but this will only work if the client is not configured to send their own keepalives
UPD
workes with:
1. Add pass-rule for GUI on pf *
2. Add pass-rule for SSH on pf with state timeout set to 600 *
* try not to shoot yourself in the foot with 'reply-to'
3. disable anti-lockout rules
4. set
ClientAliveInterval 12m
ClientAliveCountMax 1
in /usr/local/etc/inc/plugins.inc.d/openssh.inc
tcp state will be killed by pf after 10 min inactivity
SSHD will terminate session 2 min later
but this will only work if the client is not configured to send their own keepalives
not so beautiful solution. there must be some script
«
Last Edit: March 17, 2021, 09:20:39 pm by Fright
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Terminate SSH session after a period of inactivity time