Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I read through the sshd_config man page, and this is what I have found:
ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been
received from the client, sshd will send a message through the
encrypted channel to request a response from the client. The default
is 0, indicating that these messages will not be sent to the client.
This option applies to protocol version 2 only.
ClientAliveCountMax
Sets the number of client alive messages (see above) which may be sent
without sshd receiving any messages back from the client. If this
threshold is reached while client alive messages are being sent, sshd
will disconnect the client, terminating the session. It is important
to note that the use of client alive messages is very different from
KeepAlive (below). The client alive messages are sent through the
encrypted channel and therefore will not be spoofable. The TCP
keepalive option enabled by KeepAlive is spoofable. The client alive
mechanism is valuable when the client or server depend on knowing when
a connection has become inactive.
The default value is 3. If ClientAliveInterval (above) is set to 15,
and ClientAliveCountMax is left at the default, unresponsive ssh
clients will be disconnected after approximately 45 seconds.
So if you are looking for, say, a 5 minute timeout, set the ClientAliveInterval to 30, and then set the ClientAliveCountMax to 10. 10 x 30 = 300 seconds, which is equal to 5 minutes.
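An added example, not part of the original post or of OpenSSH: a shell function that reads an sshd_config-style file and reports the number of seconds after which sshd would disconnect an unresponsive client, using the defaults quoted from the man page above. The names `client_alive_timeout` and `sample_config` are hypothetical, the sample config is constructed, and the script assumes values are plain seconds and reads only the global section (it stops at the first Match block).

```shell
#!/bin/sh
# Added example: compute ClientAliveInterval x ClientAliveCountMax from a config.
# Reads the file named in $1, or standard input when no file is given.
client_alive_timeout() {
    awk '
        BEGIN { interval = 0; count = 3 }   # defaults quoted from the man page
        { sub(/#.*/, "") }                  # drop comments
        NF == 0 { next }                    # skip blank lines
        {
            sub(/^[ \t]+/, "")              # leading whitespace
            sub(/[ \t]*=[ \t]*/, " ")       # "Keyword=value" is also accepted
            key = tolower($1)               # keywords are case-insensitive
            val = $2
        }
        key == "match" { exit }             # assumption: global section only
        # sshd uses the first value obtained for each keyword
        key == "clientaliveinterval" && !seen_i { interval = val + 0; seen_i = 1 }
        key == "clientalivecountmax" && !seen_c { count = val + 0; seen_c = 1 }
        END {
            if (interval == 0)  print "disabled"     # no client alive messages sent
            else if (count < 1) print "unsupported"  # CountMax 0 varies by release
            else                print interval * count
        }
    ' "$@"
}

# Constructed sample input using the values suggested in the post above.
sample_config() {
    cat <<'EOF'
# constructed sample, not a real server config
Port 22
ClientAliveInterval 30
ClientAliveCountMax 10
ClientAliveInterval 600   # ignored: a later duplicate
EOF
}

sample_config | client_alive_timeout
```

On a live system the same function can be pointed at `/etc/ssh/sshd_config`; the result only describes when an unresponsive client is dropped, as the man page text states.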
I'm more looking to run "vlock" on inactivity. I want the client connected but password protected; I think my only way is to script this. Does anyone have any ideas on how a shell script could detect ssh inactivity?
piped to a file (using -w) and then tail -f it, and check for intervals between packets.
I am wondering though, are you just trying to protect the session physically? If so would not a password protected screensaver do the trick? If not using X, there may be similar tools for the console...
Yeah, I use vlock (http://freshmeat.net/projects/vlock/) as a command line locking utility. It prompts for the current user's password and locks the terminal. I think tcpdump could be hard to implement in a shell script, at least for me. I think I will use a part of 'netstat' and check it until the status of the ssh session becomes inactive.