Bug 742997 - Configure ssh sessions to have a default timeout
Summary: Configure ssh sessions to have a default timeout
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ovirt-node
Version: 6.2
Hardware: x86_64
OS: Linux
high
medium
Target Milestone: rc
: ---
Assignee: Joey Boggs
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 794870
TreeView+ depends on / blocked
 
Reported: 2011-10-03 14:32 UTC by Perry Myers
Modified: 2012-07-19 14:15 UTC (History)
10 users (show)

Fixed In Version: ovirt-node-2.2.3-1.el6
Doc Type: Bug Fix
Doc Text:
A previous version of Red Hat Enterprise Virtualization Hypervisor did not apply a default timeout for SSH sessions. The Hypervisor now terminates SSH sessions after 15 minutes of inactivity.
Clone Of:
: 794870 (view as bug list)
Environment:
Last Closed: 2012-07-19 14:15:55 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0741 0 normal SHIPPED_LIVE ovirt-node bug fix and enhancement update 2012-07-19 18:10:46 UTC

Description Perry Myers 2011-10-03 14:32:44 UTC 
Description of problem:
Configure ssh sessions to have a default timeout

Needinfo from security team on what the best practices for this timeout are
Comment 2 Perry Myers 2011-10-03 19:04:00 UTC 
From sgrubb:

> The DISA STIG recommends 15 minutes.
Comment 5 Zac Dover 2011-10-10 04:22:17 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
A previous version of Red Hat Enterprise Virtualization Manager did not have default timeouts for ssh sessions.

Red Hat Enterprise Virtualization Manager now has a default timeout of five minutes for ssh sessions.
Comment 6 Alan Pevec 2011-10-10 07:00:04 UTC 
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,3 +1,3 @@
-A previous version of Red Hat Enterprise Virtualization Manager did not have default timeouts for ssh sessions.
+A previous version of Red Hat Enterprise Virtualization Hypervisor did not have default timeouts for ssh sessions.
 
-Red Hat Enterprise Virtualization Manager now has a default timeout of five minutes for ssh sessions.+Red Hat Enterprise Virtualization Hypervisor now has a default timeout of five minutes for ssh sessions.
Comment 7 Joey Boggs 2011-10-10 12:53:40 UTC 
its actually 15 minutes (3 rounds of 5 min checks)
Comment 8 Zac Dover 2011-10-10 18:41:20 UTC 
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,3 +1,3 @@
 A previous version of Red Hat Enterprise Virtualization Hypervisor did not have default timeouts for ssh sessions.
 
-Red Hat Enterprise Virtualization Hypervisor now has a default timeout of five minutes for ssh sessions.+Red Hat Enterprise Virtualization Hypervisor now has a default timeout.  It checks three times in intervals of five minutes for ssh session timeouts.
Comment 9 Guohua Ouyang 2011-10-12 01:45:47 UTC 
Tested on 6.2-20111010 build, ssh to rhevh host whole night, the session is still alive, can see the IDLE time is 15 hours already.

# w
 01:42:42 up 15:30,  3 users,  load average: 0.02, 0.01, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
admin    pts/0    10.66.9.237      Tue10   15:09m  0.69s  0.01s /bin/bash /usr/libexec/ovirt-admin-shell
admin    pts/1    10.66.11.102     Tue10   15:08m  0.69s  0.00s /bin/bash /usr/libexec/ovirt-admin-shell
admin    pts/2    dhcp-65-158.nay. 01:29    0.00s  0.73s  0.06s sshd: admin [priv]
Comment 10 Alan Pevec 2011-10-12 07:29:38 UTC 
What is your ssh client config, do you maybe have ServerAliveInterval set?
Comment 11 Guohua Ouyang 2011-10-12 08:23:48 UTC 
(In reply to comment #10)
> What is your ssh client config, do you maybe have ServerAliveInterval set?

no, I have no ServerAliveInterval set in /etc/ssh/ssh_config.
Comment 14 Steve Grubb 2011-10-20 14:42:16 UTC 
This is what we use:
ClientAliveInterval 900
ClientAliveCountMax 0
Comment 18 Stephen Gordon 2012-03-08 18:38:51 UTC 
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,3 +1,3 @@
-A previous version of Red Hat Enterprise Virtualization Hypervisor did not have default timeouts for ssh sessions.
+A previous version of Red Hat Enterprise Virtualization Hypervisor did not have default timeout for ssh sessions.
 
 Red Hat Enterprise Virtualization Hypervisor now has a default timeout.  It checks three times in intervals of five minutes for ssh session timeouts.
Comment 19 Stephen Gordon 2012-03-08 18:42:15 UTC 
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,3 +1,3 @@
-A previous version of Red Hat Enterprise Virtualization Hypervisor did not have default timeout for ssh sessions.
+A previous version of Red Hat Enterprise Virtualization Hypervisor did not apply a default timeout for SSH sessions.
 
-Red Hat Enterprise Virtualization Hypervisor now has a default timeout.  It checks three times in intervals of five minutes for ssh session timeouts.+The Hypervisor now terminates SSH sessions after 15 minutes of inactivity.
Comment 20 Stephen Gordon 2012-05-28 16:00:07 UTC 
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,3 +1 @@
-A previous version of Red Hat Enterprise Virtualization Hypervisor did not apply a default timeout for SSH sessions.
+A previous version of Red Hat Enterprise Virtualization Hypervisor did not apply a default timeout for SSH sessions. The Hypervisor now terminates SSH sessions after 15 minutes of inactivity.-
-The Hypervisor now terminates SSH sessions after 15 minutes of inactivity.
Comment 22 errata-xmlrpc 2012-07-19 14:15:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0741.html
Note You need to log in before you can comment on or make changes to this bug.