
5.2.22 Ensure SSH Idle Timeout Interval is configured

Audit

Run the following command and verify ClientAliveInterval is greater than zero:

# sshd -T -C user=root -C host="$(hostname)" -C addr="$(grep $(hostname) /etc/hosts | awk '{print $1}')" | grep clientaliveinterval

Example output:

clientaliveinterval 15

Run the following command and verify ClientAliveCountMax is greater than zero:

# sshd -T -C user=root -C host="$(hostname)" -C addr="$(grep $(hostname) /etc/hosts | awk '{print $1}')" | grep clientalivecountmax

Example output:

clientalivecountmax 3
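
The two checks above can be combined into one pass over the sshd -T output. The following is an added example, not part of the benchmark text: the function name check_idle_timeout and the sample inputs are constructed for illustration, and the timeout shown is the product of the two values, as described in sshd_config(5).

```shell
#!/bin/sh
# Added example: evaluate `sshd -T` style output read from stdin.
# Returns 0 only if both settings are present and are integers > 0.
check_idle_timeout() {
    awk '
        # sshd -T prints each keyword in lowercase followed by its effective value
        $1 == "clientaliveinterval" { interval = $2; have_i = 1 }
        $1 == "clientalivecountmax" { countmax = $2; have_c = 1 }
        END {
            rc = 0
            if (!have_i || interval !~ /^[0-9]+$/ || interval + 0 <= 0) {
                printf "FAIL clientaliveinterval=%s (must be > 0)\n", (have_i ? interval : "missing")
                rc = 1
            }
            if (!have_c || countmax !~ /^[0-9]+$/ || countmax + 0 <= 0) {
                printf "FAIL clientalivecountmax=%s (must be > 0)\n", (have_c ? countmax : "missing")
                rc = 1
            }
            if (rc == 0) {
                # Interval x CountMax = seconds before an unresponsive client is dropped
                printf "PASS unresponsive client dropped after about %d seconds\n", interval * countmax
            }
            exit rc
        }
    '
}

# Constructed sample inputs (not captured from a real host)
SAMPLE_COMPLIANT='port 22
clientaliveinterval 15
clientalivecountmax 3'

# Mirrors the default values: the interval of 0 disables the check
SAMPLE_DEFAULT='port 22
clientaliveinterval 0
clientalivecountmax 3'

printf '%s\n' "$SAMPLE_COMPLIANT" | check_idle_timeout
printf '%s\n' "$SAMPLE_DEFAULT" | check_idle_timeout || true

# On a live host, pipe the audit command from this page into the function:
#   sshd -T -C user=root -C host="$(hostname)" -C addr=... | check_idle_timeout
```

The non-zero return code on failure lets the function be used directly in a compliance script or CI job.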

Remediation

Edit the /etc/ssh/sshd_config file to set the parameters according to site policy.

Example:

ClientAliveInterval 15
ClientAliveCountMax 3

Default Value:

ClientAliveInterval 0

ClientAliveCountMax 3