Disconnect SSH sessions from user side IBM 4690

Question

I need SSH session to be disconnected after 45 sec inactivity.

on IBM 4690 SSH server settings are:

 TCPKeepAlive no
 ClientAliveCountMax  3
 ClientAliveInterval  15

But when I do packet capture on a client side (my PC) I see some traffic that initiated by server and then my PC acknowledges the packet. And I think because of this SSH session never times out.

When I connect to a Cisco router using same SSH client I do not see this traffic. And session times out.

Question:

I do not know if it is possible, but
How do I make SSH timeout (or client force close the connection) if user didn't press any buttons. Or window force close or somehow kill/disconnect session in 45 sec.

Thanks,

Answer 1

The ClientAliveInterval setting is the reason that you're seeing periodic packets from the server to the client. It causes the server to periodically send a packet to the client, which the client should respond to. If the client fails to respond enough times, the server will drop the connection.

In other words, the ClientAlive settings just test communication between the server program and the client program. It will detect a client which has disconnected from the network and is no longer responding to packets. It won't detect the case where the client is up and running, but the user is watching cat videos.

If the server is a unix server, you could look at setting a timeout on their shell. bash and other sh-like shells have a variable TMOUT which can be set to time out idle sessions. Shells based on csh have an autologout setting. See this question for further. I think both of these will only drop someone who is idle at the command-line prompt; it won't drop someone who is running a program.

If that's not acceptable, you could look into scripting something based on the output of who or similar.