0

Hi I have a Debian 6 Webserver to which I can connect with Putty. But if I leave Putty open then even after 2 days I am still logged in.

I have got 2 questions:

  1. How can I make sure that I will be logged out after an Idle time of lets say one hour.
  2. How can I disable Root Acces.

Many thanks

sanders
  • 189
  • 2
  • 10
  • 19
  • 2
    http://superuser.com/questions/347562/ssh-terminal-session-times-out-how-can-this-be-changed – Paul Mar 21 '13 at 11:41
  • Please confine each question to a single question, and please search first. – Paul Mar 21 '13 at 11:43

1 Answers1

1

Edit your /etc/ssh/sshd_config.

for 1. check these options, I think that should do the trick:

ClientAliveInterval 30
ClientAliveCountMax 120

Explanation from man 5 sshd_config:

ClientAliveCountMax

Sets the number of client alive messages (see below) which may be sent without sshd(8) receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not be spoofa‐ ble. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.

The default value is 3. If ClientAliveInterval (see below) is set to 15, and ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. This option applies to protocol version 2 only.

ClientAliveInterval

Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. This option applies to protocol version 2 only.

for 2. set PermitRootLogin no; there are also other possible values:

 PermitRootLogin

Specifies whether root can log in using ssh(1). The argument must be “yes”, “without-password”, “forced-commands-only”, or “no”. The default is “yes”.

If this option is set to “without-password”, password authentication is disabled for root.

If this option is set to “forced-commands-only”, root login with public key authentication will be allowed, but only if the command option has been specified (which may be useful for taking remote backups even if root login is normally not allowed). All other authentication methods are disabled for root.

If this option is set to “no”, root is not allowed to log in.

Right (from old answer as noticed in comments): You need to restart SSH daemon: /etc/init.d/sshd restart.

mpy
  • 27,002
  • 7
  • 85
  • 97