Firewall / IPS / IDS Configuration Tips and Tricks and more..
This blog was created to build our knowledge of Checkpoint, Nokia IP, Nortel Switched Firewalls, Fortigate, Juniper, IBM ISS SiteProtector, IPS/IDS and more...
Friday, May 28, 2010
How to configure SSH session timeout in Checkpoint NG/NGX??
Ever found yourself swearing when, in the middle of an fw monitor / debug session, you were abruptly thrown out on a session timeout? Me too. While naively thinking the ssh timeout was managed by the sshd/ssh configs, I was surprised to learn that CP did it their way.
It turned out the definitions for an interactive session are here: cat /etc/bashrc
    # By default, log out the user after three minutes of unattended prompt
    export TMOUT=180
    export SHELL=/bin/bash

    # Take into account idle setting of cpshell, if available
    if [ -f /etc/cpshell/cpshell.state ]; then
        idle=`grep idle /etc/cpshell/cpshell.state | sed s/idle=//`
        if [ $idle"UNDEFINED" = "UNDEFINED" ]; then
            idle=3
        fi
        export TMOUT=`expr $idle \* 60`
    fi
So, to change the default timeout for an ssh session, you can:
1) Set idle variable in /etc/cpshell/cpshell.state to be later multiplied
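The derivation in /etc/bashrc above, reworked as an added audit example (not Check Point's code and not part of the original post): it computes the TMOUT an interactive shell would get from a given cpshell.state and checks it against a limit. The function names, the 900-second limit and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: mirrors the bashrc logic (default 180 s, else idle * 60).

# effective_tmout STATE_FILE
# Prints the idle timeout in seconds that the bashrc logic would export.
effective_tmout() {
    et_file=$1
    et_tmout=180                      # bashrc default: three minutes
    if [ -f "$et_file" ]; then
        # The bashrc uses a plain 'grep idle'; anchoring on '^idle=' is this
        # example's tightening so unrelated lines cannot leak into the value.
        et_idle=$(grep '^idle=' "$et_file" | head -n 1 | sed 's/^idle=//')
        case $et_idle in
            # Empty value: same 3-minute fallback as the bashrc.
            # Non-numeric value: fallback added by this example.
            ''|*[!0-9]*) et_idle=3 ;;
        esac
        # expr exits 1 when the product is 0, hence the '|| true'
        et_tmout=$(expr "$et_idle" \* 60) || true
    fi
    echo "$et_tmout"
}

# check_tmout STATE_FILE MAX_SECONDS
# Returns 0 when auto-logout is enabled and no longer than MAX_SECONDS.
check_tmout() {
    ct_t=$(effective_tmout "$1")
    # bash only enforces TMOUT when it is greater than zero
    if [ "$ct_t" -eq 0 ]; then
        echo "FAIL: idle=0 gives TMOUT=0, auto-logout disabled"
        return 1
    fi
    if [ "$ct_t" -gt "$2" ]; then
        echo "FAIL: TMOUT=$ct_t exceeds limit of $2 seconds"
        return 1
    fi
    echo "OK: TMOUT=$ct_t"
}

# Constructed sample state file (not taken from a real gateway)
sample=$(mktemp)
printf 'idle=30\n' > "$sample"
check_tmout "$sample" 900 || true     # 900 s limit is an assumed policy value
rm -f "$sample"
```

On a gateway, point check_tmout at /etc/cpshell/cpshell.state after changing the idle value to confirm the session timeout is still bounded.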