11-20-2008, 11:14 PM
"Yanagisawa, Koji"

Force close on unattended SSH/SFTP connections

Dear CentOS people,

I'm sure many have faced this before but I can't seem to figure this
out.


I need unattended OpenSSH and its SFTP connections to be closed after a
while (say, in 10 minutes). This needs to override anything that could
be done from the client side (ServerAliveInterval or keepalives a
program like PuTTY can send). I kind of understand it's not always
easy to know when the client side is "unattended," but I'd like to know
where people drew the line and what people did in the past.


ClientAliveInterval only seems to help reap connections when the client
side is unreachable, so this doesn't really help.


TMOUT in shell achieves what I want with SSH, but this doesn't help
with SFTP. Setting net.ipv4.tcp_keepalive_probes to 0 kind of does
what I want (ServerAliveInterval ruins it), and I'm not sure if that's
generally accepted practice.


If this could be achieved in OpenSSH, that would be great, but if it
needs to be some other way I'll be glad to find out...


Your insight appreciated,

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
11-21-2008, 12:19 AM
"Filipe Brandenburger"

Force close on unattended SSH/SFTP connections

Hi,

On Thu, Nov 20, 2008 at 19:14, Yanagisawa, Koji <yanagik317@netscape.net> wrote:
> I need unattended OpenSSH and its SFTP connections to be closed after a
> while (say, in 10 minutes).

I believe you can do that with iptables, using the ipt_recent module.
I did not test it or do it before, but looking at the man page it
looks like a tool that could be used to implement just that.

See "man iptables" and look for "recent". The examples usually do the
opposite (block someone for a certain amount of time), but you should
be able to come up with the rules to do what you want on your own.

See also http://snowman.net/projects/ipt_recent/

HTH,
Filipe
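
An added example, not part of either post above: a small Python check that reads an sshd_config and separates dead-peer reaping (ClientAliveInterval, as described in the question) from a real inactivity timeout. It assumes OpenSSH 9.2 or later, where sshd_config has the ChannelTimeout and UnusedConnectionTimeout options; the sample config, the 600-second limit and the function names are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample. ChannelTimeout/UnusedConnectionTimeout assume OpenSSH 9.2+.
SAMPLE = """\
ClientAliveInterval 60
ClientAliveCountMax 3
ChannelTimeout agent-connection=5m session*=10m
UnusedConnectionTimeout 2m
Match User backup
    ForceCommand internal-sftp
"""
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
# Session channel names differ between releases, so probe several spellings.
SESSION_TYPES = ("session", "session:shell", "session:subsystem:sftp")

def seconds(value):
    """Convert an sshd_config time value (600, 10m, 1h30m, none) to seconds."""
    value = value.lower()
    if not re.fullmatch(r"none|(\d+[smhdw]?)+", value):
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", value))

def global_options(text):
    """Global section as {keyword: [args]}; sshd keeps the first value it obtains."""
    opts = {}
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0].lower() == "match":
            break  # conditional overrides are not evaluated here
        opts.setdefault(words[0].lower(), words[1:])
    return opts

def idle_policy(text, limit=600):
    """Tell dead-peer reaping apart from a real inactivity timeout."""
    opts = global_options(text)
    first = lambda key: seconds(opts.get(key, ["0"])[0])
    timeouts = (p.partition("=") for p in opts.get("channeltimeout", []))
    session = next((seconds(i) for pat, _, i in timeouts
                    if any(fnmatch.fnmatchcase(t, pat) for t in SESSION_TYPES)), None)
    unused = first("unusedconnectiontimeout")
    return {
        "dead_peer_reaping": first("clientaliveinterval") > 0,
        "session_idle_seconds": session,
        "unused_connection_seconds": unused,
        # A timed-out channel can leave the connection open, so require both.
        "enforces_limit": bool(session) and session <= limit and unused > 0,
    }
```

Calling `idle_policy(SAMPLE)` reports a 600-second session timeout that meets the 10-minute limit; a config with only the ClientAlive options reports dead-peer reaping and no inactivity limit.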
All times are GMT.