Acesso de tempo limite com o Shell

Question

Acesso de tempo limite com o Shell

#1 resposta do (1 votos)

0

Oi eu tenho um servidor Web do Debian 6 para o qual eu posso conectar com o Putty. Mas se eu deixar o Putty aberto, mesmo depois de 2 dias, ainda estou logado.

Eu tenho 2 perguntas:

Como posso ter certeza de que serei desconectado depois de um tempo ocioso de digamos uma hora.
Como posso desativar o acesso root?

Muito obrigado

root security debian putty

por sanders 21.03.2013 / 12:28

1 resposta

Tags root security debian putty

Criando múltiplos gráficos por nível de fator (gráfico trillis) no excel caminho aberto do NetBeans Navigator

score 1 · Answer 1

Edite seu /etc/ssh/sshd_config .

para 1. confira essas opções, acho que isso deve fazer o truque:

ClientAliveInterval 30
ClientAliveCountMax 120

Explicação de man 5 sshd_config :

ClientAliveCountMax
Sets the number of client alive messages (see below) which may be sent without sshd(8) receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not be spoofa‐ ble. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.

The default value is 3. If ClientAliveInterval (see below) is set to 15, and ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. This option applies to protocol version 2 only.
ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. This option applies to protocol version 2 only.

para 2. defina PermitRootLogin no ; existem também outros valores possíveis:

 PermitRootLogin
Specifies whether root can log in using ssh(1). The argument must be “yes”, “without-password”, “forced-commands-only”, or “no”. The default is “yes”.

If this option is set to “without-password”, password authentication is disabled for root.

If this option is set to “forced-commands-only”, root login with public key authentication will be allowed, but only if the command option has been specified (which may be useful for taking remote backups even if root login is normally not allowed). All other authentication methods are disabled for root.

If this option is set to “no”, root is not allowed to log in.

Sim (a partir da resposta antiga, conforme notado nos comentários): Você precisa reiniciar o daemon SSH: /etc/init.d/sshd restart .