STANDARDIZING ADMINISTRATOR SSH SESSION TIMEOUTS

May 27, 2015 | Filed Under: Check Point, Cisco ASA, Juniper ScreenOS, Operations, Security

Idle SSH session timeouts can put you in a grumpy mood.  Let’s standardize them across your devices.  We like 30 minutes as it seems to be a sweet spot for the brain to say, well, it has been 30 minutes since I’ve done anything, so it’s ok to be disconnected.

 

JUNIPER SCREENOS

This one is odd, as there is no SSH-specific command.  Juniper provides you with a web timeout and a console timeout.  The web timeout applies to the WebUI and the console timeout applies to both SSH and console sessions.  No, you are not allowed to use telnet anymore!

CN-SSG5-A-> set console timeout 30

 

CISCO

CN-5510-A/act(config)# ssh timeout 30

 

CHECK POINT GAIA/SPLAT/IPSO

SPLAT

[[email protected]]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig;echo "#SSH Timeout Settings" >> /etc/ssh/sshd_config;echo ClientAliveInterval 1800 >> /etc/ssh/sshd_config;echo ClientAliveCountMax 0 >> /etc/ssh/sshd_config;service sshd restart
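
The one-liner above appends to sshd_config, and sshd uses the first value it reads for each keyword, so an earlier ClientAliveInterval line silently wins over the appended one. The following check is an added example, not part of the original post; the function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: show which ClientAlive* values sshd will actually use.

# effective_value FILE KEYWORD
# sshd keeps the first value it reads for a keyword, so a line appended at the
# end of sshd_config is ignored when the keyword is already set higher up.
effective_value() {
    awk -F'[ \t=]+' -v want="$2" '
        { sub(/^[ \t]+/, "") }             # drop indentation; fields are re-split
        /^#/ || NF < 2 { next }            # comments, blank lines, bare keywords
        tolower($1) == "match" { exit }    # global section only
        tolower($1) == tolower(want) { print $2; exit }
    ' "$1"
}

# check_idle_timeout FILE SECONDS
# Returns 0 only when the file yields the settings used on this page:
# ClientAliveInterval SECONDS and ClientAliveCountMax 0.
check_idle_timeout() {
    interval=$(effective_value "$1" ClientAliveInterval)
    count=$(effective_value "$1" ClientAliveCountMax)
    if [ "$interval" = "$2" ] && [ "$count" = "0" ]; then
        echo "OK interval=$interval countmax=$count"
    else
        echo "MISMATCH interval=${interval:-unset} countmax=${count:-unset}"
        return 1
    fi
}

# Constructed sample files (not from a real device).
demo_dir=$(mktemp -d)
printf '%s\n' 'Port 22' '#ClientAliveInterval 0' \
    '#SSH Timeout Settings' 'ClientAliveInterval 1800' 'ClientAliveCountMax 0' \
    > "$demo_dir/clean"
printf '%s\n' 'Port 22' 'clientaliveinterval 300' \
    '#SSH Timeout Settings' 'ClientAliveInterval 1800' 'ClientAliveCountMax 0' \
    > "$demo_dir/shadowed"

check_idle_timeout "$demo_dir/clean" 1800 || true      # appended lines take effect
check_idle_timeout "$demo_dir/shadowed" 1800 || true   # earlier 300 wins
```

The check only confirms what sshd reads from the file. OpenSSH 8.2 and later treat ClientAliveCountMax 0 as disabling disconnection, so on those versions these values no longer produce a timeout.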

Gaia/IPSO

[[email protected]]# clish -c "set inactivity-timeout 30" ; clish -c "save config"

CN-IP290-4[admin]# clish -c "set inactivity-timeout 30" ; clish -c "save config"

 

Now time to celebrate another flawless victory with coffee.