At work we maintain over a hundred machines, most of which are regularly accessed via SSH by our developers. Due to the number of machines and the number of tasks that need to be completed, we found that many of the developers would often forget they were logged into a server and leave an idle SSH session open. Due to the sensitive nature of the data on many of the servers, we needed to find a solution to this. We decided to implement an SSH feature to automatically log out SSH sessions after a period of inactivity. Here is how we did it.
Inside the sshd_config file (/etc/ssh/sshd_config) there is a setting for ClientAliveCountMax. Edit these two lines to look something like:
Once these settings are changed you’ll need to restart your SSH server for them to take effect.
sudo /etc/init.d/ssh restart
Now, if an SSH session is connected with no activity for five minutes, it’ll be automatically logged out, hopefully reducing the chance of an open connection becoming vulnerable at an idle workstation.
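The values used in the original post are not shown above. As an added example (not the author's code), the shell functions below read the effective configuration in the format printed by sshd -T and report when sshd drops a client that stops answering its probes, which is ClientAliveInterval multiplied by ClientAliveCountMax. The function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two ClientAlive* directives from `sshd -T`-style input.
# Input: one "keyword value" pair per line, keywords in lower case.

# Prints one of:
#   disabled           no client-alive probes are sent (interval 0)
#   no-disconnect      probes are sent, but a count of 0 never drops the
#                      session on OpenSSH 8.2 and later
#   drop-after <secs>  unresponsive client dropped after interval * count
client_alive_verdict() {
    awk '
        $1 == "clientaliveinterval" { interval = $2; seen_i = 1 }
        $1 == "clientalivecountmax" { count = $2; seen_c = 1 }
        END {
            # sshd defaults when a directive is absent: interval 0, count 3
            if (!seen_i) interval = 0
            if (!seen_c) count = 3
            if (interval + 0 == 0)   print "disabled"
            else if (count + 0 == 0) print "no-disconnect"
            else                     print "drop-after " (interval * count)
        }'
}

# Succeeds only if an unresponsive client is dropped within $1 seconds.
within_limit() {
    limit=$1
    verdict=$(client_alive_verdict)
    case $verdict in
        "drop-after "*) [ "${verdict#drop-after }" -le "$limit" ] ;;
        *) return 1 ;;
    esac
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_OK='port 22
clientaliveinterval 60
clientalivecountmax 5'
SAMPLE_ZERO_COUNT='clientaliveinterval 300
clientalivecountmax 0'

# Demo on the samples; on a real host: sudo sshd -T | client_alive_verdict
printf '%s\n' "$SAMPLE_OK" | client_alive_verdict
printf '%s\n' "$SAMPLE_ZERO_COUNT" | client_alive_verdict
```

These directives act on clients that stop responding to sshd's probes. A count of 0 no longer terminates sessions on OpenSSH 8.2 and later, so re-run the check after upgrading.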