ansible-hardening/doc/metadata/rhel7/RHEL-07-040191.rst
Major Hayden 4405271e69 [Docs] Configure sshd based on the RHEL 7 STIG
This patch is a follow-on docs patch for the sshd configuration work.

Implements: blueprint security-rhel7-stig
Change-Id: Ie140302bd0a20282f2f08a1296e04217e52da114
2016-11-10 16:29:37 -06:00

---
id: RHEL-07-040191
status: implemented
tag: sshd
---

The ClientAliveCountMax configuration is set to 0 in /etc/ssh/sshd_config and sshd is restarted.

Deployers can adjust the maximum number of client alive intervals by changing the following Ansible variable.

security_sshd_client_alive_count_max: 0

Note

The STIG requires that ClientAliveInterval is set to 600 and ClientAliveCountMax is set to zero, which sets a 10-minute session timeout. If no data is transferred in a 10-minute period, the session is disconnected.

The ClientAliveInterval specifies how long the ssh daemon waits before it sends a message to the client to see if it is still alive. The ClientAliveCountMax specifies how many of these messages are sent without receiving a response.

Deployers should refer to stig-RHEL-07-040190 to customize the ClientAliveInterval setting.
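A deployer can confirm that the rendered configuration file carries both values with a check like the following. This is an added example, not code from ansible-hardening; the function names are hypothetical, and it assumes whitespace-separated keywords with the interval written in plain seconds.

```sh
#!/bin/sh
# Added example: audit an sshd_config file for the two STIG values above.

# Print the global value of keyword $2 in file $1. sshd uses the first
# occurrence of a keyword, and everything after the first "Match" line is
# conditional, so the scan stops there. Keywords are case-insensitive.
sshd_global_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/    { next }            # blank lines and comments
        tolower($1) == "match"  { exit }            # end of the global section
        tolower($1) == want     { print $2; exit }  # first occurrence wins
    ' "$1"
}

# Return 0 when the file sets interval 600 and count 0, 1 otherwise.
check_client_alive() {
    conf=$1
    rc=0
    interval=$(sshd_global_value "$conf" ClientAliveInterval)
    count=$(sshd_global_value "$conf" ClientAliveCountMax)
    # Unset keywords fall back to sshd defaults (interval 0, count 3),
    # which do not meet the requirement.
    [ "${interval:-0}" = 600 ] ||
        { echo "FAIL ClientAliveInterval=${interval:-unset}, want 600"; rc=1; }
    [ "${count:-3}" = 0 ] ||
        { echo "FAIL ClientAliveCountMax=${count:-unset}, want 0"; rc=1; }
    [ "$rc" -eq 0 ] && echo "PASS $conf"
    return "$rc"
}

# Constructed sample input: the first ClientAliveCountMax line is the one
# sshd honours, and the Match block is outside the global check.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
ClientAliveInterval 600
clientalivecountmax 0
ClientAliveCountMax 3
Match User backup
    ClientAliveInterval 0
EOF
check_client_alive "$sample"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration, including values overridden in Match blocks that this file-level check does not evaluate. OpenSSH 8.2 and later treat a ClientAliveCountMax of 0 as disabling the disconnect, so the check applies to hosts with the older behaviour this page describes.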