LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-20-2005, 11:49 AM   #1
lil_drummaboy
Member
 
Registered: May 2003
Location: Victoria, CANADA!
Distribution: OpenBSD, Slackware, Debian
Posts: 85

Rep: Reputation: 15
run command on ssh inactivity?


Does anyone know if you can run a command on ssh inactivity? I want to auto-lock my ssh terminal after a few mins.

Thanks
 
Old 12-20-2005, 05:16 PM   #2
jrbush82
Member
 
Registered: Mar 2002
Location: Hampton, VA
Posts: 86

Rep: Reputation: 15
I read through the sshd_config man page, and this is what I have found:

ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been
received from the client, sshd will send a message through the
encrypted channel to request a response from the client. The default
is 0, indicating that these messages will not be sent to the client.
This option applies to protocol version 2 only.

ClientAliveCountMax
Sets the number of client alive messages (see above) which may be sent
without sshd receiving any messages back from the client. If this
threshold is reached while client alive messages are being sent, sshd
will disconnect the client, terminating the session. It is important
to note that the use of client alive messages is very different from
KeepAlive (below). The client alive messages are sent through the
encrypted channel and therefore will not be spoofable. The TCP
keepalive option enabled by KeepAlive is spoofable. The client alive
mechanism is valuable when the client or server depend on knowing when
a connection has become inactive.

The default value is 3. If ClientAliveInterval (above) is set to 15,
and ClientAliveCountMax is left at the default, unresponsive ssh
clients will be disconnected after approximately 45 seconds.

So if you are looking for say, a 5 minute timeout, set the ClientAliveInterval to 30, and then set the ClientAliveCountMax to 10. 10x30=300 seconds which is equal to 5 minutes.
 
Old 12-21-2005, 01:01 PM   #3
lil_drummaboy
Member
 
Registered: May 2003
Location: Victoria, CANADA!
Distribution: OpenBSD, Slackware, Debian
Posts: 85

Original Poster
Rep: Reputation: 15
i'm more looking to run "vlock" on inactivity. i want the client connected but password protected, i think my only way is to script this. Does anyone have any ideas on how a shell script could detect ssh inactivity?
 
Old 12-21-2005, 05:05 PM   #4
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86; Gentoo PPC; Gentoo Sparc64; FreeBSD; OS X; Solaris
Posts: 3,731
Blog Entries: 4

Rep: Reputation: 65
You could use say:
Code:
tcpdump -i eth0 port 22
piped to a file (using -w) and then tail -f it, and check for intervals between packets.

I am wondering though, are you just trying to protect the session physically? If so would not a password protected screensaver do the trick? If not using X, there may be similar tools for the console...
 
Old 12-23-2005, 11:01 AM   #5
lil_drummaboy
Member
 
Registered: May 2003
Location: Victoria, CANADA!
Distribution: OpenBSD, Slackware, Debian
Posts: 85

Original Poster
Rep: Reputation: 15
yeah, i use vlock (http://freshmeat.net/projects/vlock/) as a command line locking utility. It prompts for the current user's password and locks the terminal. I think tcpdump could be hard to implement in a shell script, at least for me. I think i will use a part of 'netstat' and check it until the status of the ssh session becomes inactive.
 
Old 12-23-2005, 11:36 AM   #6
lil_drummaboy
Member
 
Registered: May 2003
Location: Victoria, CANADA!
Distribution: OpenBSD, Slackware, Debian
Posts: 85

Original Poster
Rep: Reputation: 15
oops, netstat doesn't change the status when there is inactivity, nevermind.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Command to run another command against a list of files psweetma Linux - General 3 11-09-2005 05:29 PM
how to run GUI while logged in with ssh? kpachopoulos Linux - General 5 11-03-2004 04:28 PM
running a command after a set period of keyboard inactivity? Nocterro Linux - Software 3 09-03-2004 09:04 AM
How to run remote WinManager over ssh? aleet2600 Linux - Software 0 04-14-2004 06:05 PM
Run a WM through ssh X tunneling Tyir Linux - General 1 03-04-2004 12:06 AM


All times are GMT -5. The time now is 01:43 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration