LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   run command on ssh inactivity? (https://www.linuxquestions.org/questions/linux-security-4/run-command-on-ssh-inactivity-394921/)

lil_drummaboy 12-20-2005 11:49 AM
run command on ssh inactivity?
 
Does anyone know if you can run a command on ssh inactivity? I want to auto-lock my ssh terminal after a few mins.

Thanks

jrbush82 12-20-2005 05:16 PM
I read through the sshd_config man page, and this is what I have found:

ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been
received from the client, sshd will send a message through the
encrypted channel to request a response from the client. The default
is 0, indicating that these messages will not be sent to the client.
This option applies to protocol version 2 only.

ClientAliveCountMax
Sets the number of client alive messages (see above) which may be sent
without sshd receiving any messages back from the client. If this
threshold is reached while client alive messages are being sent, sshd
will disconnect the client, terminating the session. It is important
to note that the use of client alive messages is very different from
KeepAlive (below). The client alive messages are sent through the
encrypted channel and therefore will not be spoofable. The TCP
keepalive option enabled by KeepAlive is spoofable. The client alive
mechanism is valuable when the client or server depend on knowing when
a connection has become inactive.

The default value is 3. If ClientAliveInterval (above) is set to 15,
and ClientAliveCountMax is left at the default, unresponsive ssh
clients will be disconnected after approximately 45 seconds.

So if you are looking for say, a 5 minute timeout, set the ClientAliveInterval to 30, and then set the ClientAliveCountMax to 10. 10x30=300 seconds which is equal to 5 minutes.

lil_drummaboy 12-21-2005 01:01 PM
i'm more looking to run "vlock" on inactivity. i want the client connected but password protected, i think my only way is to script this. Does anyone have any ideas on how a shell script could detect ssh inactivity?

bulliver 12-21-2005 05:05 PM
You could use say:
Code:
tcpdump -i eth0 port 22
piped to a file (using -w) and then tail -f it, and check for intervals between packets.

I am wondering though, are you just trying to protect the session physically? If so would not a password protected screensaver do the trick? If not using X, there may be similar tools for the console...

lil_drummaboy 12-23-2005 11:01 AM
yeah, i use vlock (http://freshmeat.net/projects/vlock/) as a command line locking utility. It prompts for the current user's password and locks the terminal. I think tcpdump could be hard to implement in a shell script, at least for me. I think i will use a part of 'netstat' and check it until the status of the ssh session becomes inactive.

lil_drummaboy 12-23-2005 11:36 AM
oops, netstat doesn't change the status when there is inactivity, nevermind.

jds2726 12-15-2020 11:27 AM
Quote:
Originally Posted by lil_drummaboy (Post 2013225)
yeah, i use vlock (http://freshmeat.net/projects/vlock/) as a command line locking utility. It prompts for the current user's password and locks the terminal. I think tcpdump could be hard to implement in a shell script, at least for me. I think i will use a part of 'netstat' and check it until the status of the ssh session becomes inactive.
I'm looking for the exact same solution as you are. Did you ever find/create a solution?


All times are GMT -5. The time now is 04:03 AM.