SSH Idle time out issue

Asked by Prashan M

Hi Team,

SSH idle timeout is not working on Ubuntu 22.04.
The following is my configuration:

This is our /etc/profile config
TMOUT=60
readonly TMOUT
export TMOUT

cat /etc/bash.bashrc
umask 027
TMOUT=900
readonly TMOUT
export TMOUT

/etc/profile.d/99-tmout.sh
TMOUT=60
readonly TMOUT
export TMOUT

cat /etc/ssh/sshd_config
#TCPKeepAlive yes
ClientAliveInterval 60
ClientAliveCountMax 0

Can anyone help out here? Is this a bug?

openssh version - 1:8.9p1-3ubuntu0.3 amd64

Regards
MA

Question information

Language: English
Status: Answered
For: Ubuntu openssh
Assignee: No assignee
Manfred Hampl (m-hampl) said :
#1

Your question "SSH idle timeout is not working"

Please provide more information:
"not working" in what sense?
What are you doing (e.g. which command are you executing)?
What do you expect to happen?
What happens instead?

Prashan M (prashanma) said :
#2

Hi Manfred,

Thank you for the response

1.) What are you doing? - We SSH into the server and remain idle for around 1 minute.

2.) What do you expect to happen? - We expect the SSH session to terminate after 1 minute of idle time.

3.) What happens instead? - However, the session is not timing out as expected.
It appears that the timeout we configured in the bash.bashrc file is functioning correctly. The session is timing out regardless of whether we are idle or not, following the timeout value set in the bash.bashrc file.

Manfred Hampl (m-hampl) said :
#3

According to https://manpages.ubuntu.com/manpages/jammy/en/man5/sshd_config.5.html

ClientAliveCountMax
...
Setting a zero ClientAliveCountMax disables connection termination.

I suggest you try setting
ClientAliveInterval 60
ClientAliveCountMax 1
in /etc/ssh/sshd_config
and then restarting the ssh daemon.

Prashan M (prashanma) said :
#4

I have made the requested change, but the issue is still the same.

Is this the reason that we cannot see the IDLE timeouts?

"user does not mean an idle connection. SSH does not and never had, intentionally, the
capability to drop idle users. In SSH versions before 8.2p1 there was a bug that caused
these values to behave in such a manner that they were abused to disconnect idle
users. This bug has been resolved in 8.2p1 and thus it can no longer be abused
to disconnect idle users."

Above taken from /CIS_Ubuntu_Linux_22.04_LTS_Benchmark section 5.2.22
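
Added example (not part of the thread or of any poster's reply): a shell script that evaluates the two mechanisms discussed above, the ClientAlive settings in sshd_config and the competing readonly TMOUT snippets. The function names, the sample inputs (constructed from the values quoted in the question and in reply #3) and the order in which the startup snippets are fed in are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example; inputs below are constructed from the settings quoted in the thread.
# Assumes "Keyword value" lines with plain-second values; no Match/Include handling.

# First uncommented value of an sshd_config keyword (sshd uses the first value
# it obtains; keywords are case-insensitive). Config text on stdin.
sshd_first_value() {
  awk -v k="$1" 'BEGIN { k = tolower(k) }
    /^[ \t]*#/ { next }
    tolower($1) == k { print $2; exit }'
}

# What sshd does with a client that stops answering ClientAlive probes.
client_alive_verdict() {
  local cfg interval count
  cfg=$(cat)
  interval=$(printf '%s\n' "$cfg" | sshd_first_value ClientAliveInterval)
  count=$(printf '%s\n' "$cfg" | sshd_first_value ClientAliveCountMax)
  interval=${interval:-0}   # sshd default: probes off
  count=${count:-3}         # sshd default
  if [ "$interval" -eq 0 ]; then echo "probes-off"
  elif [ "$count" -eq 0 ]; then echo "termination-disabled"
  else echo "unresponsive-after-$((interval * count))s"
  fi
}

# TMOUT value that sticks when startup snippets are read in the order given on
# stdin: after "readonly TMOUT", later assignments fail. "unlocked" if never readonly.
tmout_locked_value() {
  awk '/^[ \t]*#/ { next }
    /^[ \t]*((export|readonly)[ \t]+)?TMOUT=/ {
      v = $0; sub(/^.*TMOUT=/, "", v); sub(/[ \t;].*$/, "", v) }
    /^[ \t]*readonly[ \t]+TMOUT/ && v != "" { print v; locked = 1; exit }
    END { if (!locked) print "unlocked" }'
}

# Constructed inputs mirroring the question and the change suggested in reply #3.
asked_cfg=$(printf '#TCPKeepAlive yes\nClientAliveInterval 60\nClientAliveCountMax 0')
suggested_cfg=$(printf 'ClientAliveInterval 60\nClientAliveCountMax 1')
bashrc=$(printf 'TMOUT=900\nreadonly TMOUT\nexport TMOUT')
profile_d=$(printf 'TMOUT=60\nreadonly TMOUT\nexport TMOUT')

printf '%s\n' "$asked_cfg" | client_alive_verdict       # termination-disabled
printf '%s\n' "$suggested_cfg" | client_alive_verdict   # unresponsive-after-60s
printf '%s\n%s\n' "$bashrc" "$profile_d" | tmout_locked_value   # 900
```

On a live host, `sudo sshd -T` prints the effective server configuration with Include files resolved, and its output can be piped into `client_alive_verdict`. The verdict concerns clients that stop answering probes, which is a different condition from a user sitting idle at a prompt.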

Bernard Stafford (bernard010) said :
#5
