[sshd] Close all SSH connections after 15 minutes of inactivity (#3031)

- What I did
Configure sshd to close all SSH connections after 15 minutes of inactivity.

- How I did it
Set ClientAliveInterval to 900 (900 seconds = 15 minutes) and ClientAliveCountMax to 0 in /etc/ssh/sshd_config using augtool in build_debian.sh. In the process, I refactored the existing augtool command for sshd_config so as to add comments and empty lines to the file for readability.

- How to verify it
Log into device via management port. Wait 15 minutes without sending a keystroke -- you should be automatically logged out.
Parent: 0bca6b8468
Commit: 30a8d1d8f0
@ -278,8 +278,28 @@ sudo chmod u+s $FILESYSTEM_ROOT/bin/ping{,6}
|
||||
sudo rm -f $FILESYSTEM_ROOT/etc/ssh/ssh_host_*_key*
|
||||
sudo cp files/sshd/host-ssh-keygen.sh $FILESYSTEM_ROOT/usr/local/bin/
|
||||
sudo cp -f files/sshd/sshd.service $FILESYSTEM_ROOT/lib/systemd/system/ssh.service
|
||||
## Config sshd
|
||||
sudo augtool --autosave "set /files/etc/ssh/sshd_config/UseDNS no" -r $FILESYSTEM_ROOT
|
||||
# Config sshd
|
||||
# 1. Set 'UseDNS' to 'no'
|
||||
# 2. Configure sshd to close all SSH connetions after 15 minutes of inactivity
|
||||
sudo augtool -r $FILESYSTEM_ROOT <<'EOF'
|
||||
touch /files/etc/ssh/sshd_config/EmptyLineHack
|
||||
rename /files/etc/ssh/sshd_config/EmptyLineHack ""
|
||||
set /files/etc/ssh/sshd_config/UseDNS no
|
||||
ins #comment before /files/etc/ssh/sshd_config/UseDNS
|
||||
set /files/etc/ssh/sshd_config/#comment[following-sibling::*[1][self::UseDNS]] "Disable hostname lookups"
|
||||
|
||||
rm /files/etc/ssh/sshd_config/ClientAliveInterval
|
||||
rm /files/etc/ssh/sshd_config/ClientAliveCountMax
|
||||
touch /files/etc/ssh/sshd_config/EmptyLineHack
|
||||
rename /files/etc/ssh/sshd_config/EmptyLineHack ""
|
||||
set /files/etc/ssh/sshd_config/ClientAliveInterval 900
|
||||
set /files/etc/ssh/sshd_config/ClientAliveCountMax 0
|
||||
ins #comment before /files/etc/ssh/sshd_config/ClientAliveInterval
|
||||
set /files/etc/ssh/sshd_config/#comment[following-sibling::*[1][self::ClientAliveInterval]] "Close inactive client sessions after 15 minutes"
|
||||
save
|
||||
quit
|
||||
EOF
|
||||
# Configure sshd to listen for v4 connections; disable listening for v6 connections
|
||||
sudo sed -i 's/^ListenAddress ::/#ListenAddress ::/' $FILESYSTEM_ROOT/etc/ssh/sshd_config
|
||||
sudo sed -i 's/^#ListenAddress 0.0.0.0/ListenAddress 0.0.0.0/' $FILESYSTEM_ROOT/etc/ssh/sshd_config
|
||||
|
||||
|
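Review bot: `ClientAliveCountMax 0` paired with `ClientAliveInterval 900` (the two `set` lines near the end of the heredoc) only produces an idle logout on sshd versions that drop the session at the first alive check. OpenSSH 8.2 and later treat a count of 0 as disabling connection termination altogether, so the 15-minute timeout would silently stop working after an sshd upgrade. Please state in the comment which sshd behaviour this relies on, and consider a check that fails the build if it no longer holds. Nothing after the heredoc confirms that the two settings were actually written, so a check of $FILESYSTEM_ROOT/etc/ssh/sshd_config for both keys after the block would catch a silent augtool failure. Minor: "connetions" in the new comment should be "connections".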