STANDARDIZING ADMINISTRATOR SSH SESSION TIMEOUTS
May 27, 2015 | Filed Under: Check Point, Cisco ASA, Juniper ScreenOS, Operations, Security
Idle SSH session timeouts can put you in a grumpy mood. Let’s standardize them across your devices. We like 30 minutes as it seems to be a sweet spot for the brain to say, “well, it has been 30 minutes since I’ve done anything, so it’s OK to be disconnected.”
Juniper ScreenOS is the odd one, as it has no SSH-specific command. Juniper provides you with a web timeout and a console timeout. The web timeout applies to the WebUI and the console timeout applies to SSH and console sessions. No, you are not allowed to use telnet anymore!
CN-SSG5-A-> set console timeout 30
CN-5510-A/act(config)# ssh timeout 30
CHECK POINT GAIA/SPLAT/IPSO
[[email protected]]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig; echo "#SSH Timeout Settings" >> /etc/ssh/sshd_config; echo ClientAliveInterval 1800 >> /etc/ssh/sshd_config; echo ClientAliveCountMax 0 >> /etc/ssh/sshd_config; service sshd restart
[[email protected]]# clish -c "set inactivity-timeout 30" ; clish -c "save config"
CN-IP290-4[admin]# clish -c "set inactivity-timeout 30" ; clish -c "save config"
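The sshd_config append above only takes effect if the keywords are not already set earlier in the file, because sshd uses the first value it finds for each keyword. The following is an added example, not part of the original post: a shell check that reports the effective global value. The function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the effective SSH idle-timeout settings in an sshd_config.
# sshd keeps the FIRST value it reads for a keyword, so a line appended with >>
# is silently ignored when the same keyword already appears earlier in the file.

# effective_value FILE KEYWORD
# Prints the first global value of KEYWORD (case-insensitive, "key value" or
# "key=value"), ignoring comments and anything inside a Match block.
effective_value() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, "") }                      # drop leading whitespace
        /^#/ || /^$/ { next }                       # skip comments and blanks
        { split($0, f, /[ \t=]+/) }                 # keyword, then its value
        tolower(f[1]) == "match" { exit }           # global section ends here
        tolower(f[1]) == tolower(key) { print f[2]; exit }
    ' "$1"
}

# audit_timeout FILE MINUTES
# Returns 0 only when the file yields the settings used in this post:
# ClientAliveInterval = MINUTES * 60 and ClientAliveCountMax = 0.
audit_timeout() {
    file=$1
    want=$(( $2 * 60 ))
    interval=$(effective_value "$file" ClientAliveInterval)
    countmax=$(effective_value "$file" ClientAliveCountMax)
    [ "$interval" = "$want" ] && [ "$countmax" = "0" ]
}

# Constructed sample: a file that already sets ClientAliveInterval, followed by
# the three lines appended by the command in this post.
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'Port 22' 'ClientAliveInterval 300' \
        '#SSH Timeout Settings' 'ClientAliveInterval 1800' \
        'ClientAliveCountMax 0' > "$tmp"
    if audit_timeout "$tmp" 30; then
        echo "OK: 30 minute timeout is effective"
    else
        echo "MISMATCH: effective ClientAliveInterval is $(effective_value "$tmp" ClientAliveInterval)"
    fi
    rm -f "$tmp"
}

demo
```

On OpenSSH 8.2 and later, ClientAliveCountMax 0 disables disconnection rather than enforcing it, so confirm the sshd version before reusing these two lines on other hosts.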
Now time to celebrate another flawless victory with coffee.