Hello

RE:

> Found this at: http://www.unix.org.ua/orelly/networking_2ndEd/ssh/ch05_04.htm

Yes, this is a nice summary; I also found it, but openssh is not covered here.

> SSH1 provides the IdleTimeout keyword, which tells the server what to
> do if a connection is idle, i.e., if the user doesn't transmit any ...

It appears that IdleTimeout is not supported by openssh on the daemon side:
http://www.derkeiler.com/Mailing-Lists/securityfocus/Secure_Shell/2004-08/0034.html

It seems strange that I have to ask each user to update their .ssh/ personal config files to have a timeout based upon the keys. E.g.:
http://linsec.ca/syshardening/openssh.php

There should be a centralized way of controlling this. I have an account on a Debian machine with openssh, where this is somehow centrally managed (but I have no idea how...). Inactive (but otherwise alive) connections are stopped after a couple of hours.

> this answer myself as I am running openssh on a PC and never gave
> thought to this issue. But then again I'm the only (authorized) user

The danger is when there are many users, some log in from the dorm, e.g. a public computer room, and leave the connection there for hours--days.

Cheers,
Gaspar