Dear CentOS people,
I'm sure many have faced this before but I can't seem to figure this out.
I need unattended OpenSSH and its SFTP connections to be closed after a while (say, in 10 minutes). This needs to override anything that could be done from the client side (ServerAliveInterval or keepalives a program like PuTTY can send). I kind of understand it's not always easy to know when the client side is "unattended," but I'd like to know where people drew the line and what people did in the past.
ClientAliveInterval only seem to help reap connections when the client side is unreachable, so this doesn't really help.
TMOUT in shell achieves what I want with SSH, but this doesn't help with SFTP. Setting net.ipv4.tcp_keepalive_probes to 0 kind of does what I want (ServerAliveInterval ruins it), and I'm not sure if that's generally accepted practice.
If this could be achieved in OpenSSH, that would be great, but if it needs to be some other way I'll be glad to find out...
Your insight appreciated,
Hi,
On Thu, Nov 20, 2008 at 19:14, Yanagisawa, Koji yanagik317@netscape.net wrote:
I need unattended OpenSSH and its SFTP connections to be closed after a while (say, in 10 minutes).
I believe you can do that with iptables, using the ipt_recent module. I did not test it or did it before, but looking at the man page it looks like a tool that could be used to implement just that.
See "man iptables" and look for "recent". The examples usually do the opposite (block someone for a certain amount of time), but you should be able to come up with the rules to do what you want on your own.
See also http://snowman.net/projects/ipt_recent/
HTH, Filipe
-
Filipe Brandenburger -
Yanagisawa, Koji