4405271e69
This patch is a follow-on docs patch for the sshd configuration work. Implements: blueprint security-rhel7-stig Change-Id: Ie140302bd0a20282f2f08a1296e04217e52da114
31 lines
966 B
ReStructuredText
31 lines
966 B
ReStructuredText
---
|
|
id: RHEL-07-040191
|
|
status: implemented
|
|
tag: sshd
|
|
---
|
|
|
|
The ``ClientAliveCountMax`` configuration is set to ``0`` in
|
|
``/etc/ssh/sshd_config`` and sshd is restarted.
|
|
|
|
Deployers can adjust the maximum amount of client alive intervals by changing
|
|
the following Ansible variable.
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_sshd_client_alive_count_max: 0
|
|
|
|
.. note::
|
|
|
|
The STIG requires that ``ClientAliveInterval`` is set to 600 and
|
|
``ClientAliveCountMax`` is set to zero, which sets a 10 minute session
|
|
timeout. If no data is transferred in a 10 minute period, the session is
|
|
disconnected.
|
|
|
|
The ``ClientAliveInterval`` specifies how long the ssh daemon waits
|
|
before it sends a message to the client to see if it is still alive. The
|
|
``ClientAliveCountMax`` specifies how many of these messages are sent
|
|
without receiving a response.
|
|
|
|
Deployers should refer to :ref:`stig-RHEL-07-040190` to customize the
|
|
``ClientAliveInterval`` setting.
|