2

I'm aware of the ability to logout inactive SSH sessions after a period of time but leaving something like "top" open works around that.

This question is more in the context of forceful disconnects and likely with cert-based keys.

For example, take a cert-based key that's only valid for 24 hours. I'm wondering if it's possible to have SSH automatically disconnect the open session when the cert end date is reached?

For the situations I'm thinking of forceful disconnects won't be an issue.

If there's a way to forcefully disconnect all sessions after a period of time, like 24 hours. That would be also be useful.

Rob Olmos
  • 2,240
  • 1
  • 15
  • 26
  • 1
    On a Linux system, ps -eo start_time,args | grep "sshd" will show you a list of ssh processes (excluding the master processes) along with how long ago they were started. It would not be to hard to write a script to check if the first field has a ":" in it, and if not, kill the process as its more then 24 hours old - and then run this script periodically from cron. – davidgo Sep 09 '19 at 23:03

1 Answers1

1

Good question; a quick test on my own Ubuntu 18.04.3 system suggests that no, it will not logout a user. man sshd for BSD suggests that expiry-time offers the time after which the key will not be accepted.

My understanding of most SSH systems is that authentication is done at login, and not done again, although I see no reason why a server could not re-authenticate at each command input. I can't find information that suggests my understanding is incorrect.

LTPCGO
  • 508
  • 1
  • 3
  • 15