SSH session timeout in Checkpoint NG/NGX

Ever caught yourself swearing when, in the middle of an fw monitor / debug session, you were abruptly thrown out on a session timeout? Me too. Naively thinking the SSH timeout was managed by the sshd/ssh configs, I was surprised to learn that CP did it their own way.

It turns out the definitions for the interactive session are found here: cat /etc/bashrc

# By default, log out the user after three minutes of unattended prompt
export TMOUT=180
export SHELL=/bin/bash
# Take into account idle setting of cpshell, if available
if [ -f /etc/cpshell/cpshell.state ]; then
    idle=`grep idle /etc/cpshell/cpshell.state | sed s/idle=//`
    if [ $idle"UNDEFINED" = "UNDEFINED" ]; then
        idle=3
    fi
    export TMOUT=`expr $idle \* 60`
fi

So, to change the default timeout for an SSH session, you can:

1) Set the idle variable (in minutes) in /etc/cpshell/cpshell.state; /etc/bashrc later multiplies it by 60:

cat /etc/cpshell/cpshell.state
audit=100
idle=100
scroll=1

2) Change the last export in /etc/bashrc directly to whatever you wish:

export TMOUT=7000   # in seconds

Personally, when working on a client’s firewall, I set it manually when a long debug session is expected:

[Expert@cp]# TMOUT=700
[Expert@cp]# export TMOUT
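
The /etc/bashrc logic above can be reproduced offline to check what timeout a given cpshell.state will actually produce. This is an added example, not part of the original post or of Check Point's scripts; the function names and the MAX_SECONDS limit are assumptions chosen for illustration.

```bash
#!/bin/bash
# Added example: reproduce the TMOUT that the /etc/bashrc logic above would
# export for a given cpshell.state, and compare it with a site limit.

# effective_tmout STATE_FILE -> prints the idle timeout in seconds
#   no state file -> 180; no idle= value -> 3 min; idle=N -> N * 60
effective_tmout() {
    local state_file="$1" idle
    if [ ! -f "$state_file" ]; then
        echo 180
        return 0
    fi
    # Anchored match; the stock grep picks up any line containing "idle".
    idle=$(sed -n 's/^idle=//p' "$state_file" | head -n 1)
    : "${idle:=3}"
    case $idle in
        *[!0-9]*) echo "non-numeric idle value: $idle" >&2; return 2 ;;
    esac
    # expr exits 1 when the result is 0, so ignore its status
    expr "$idle" \* 60 || :
}

# audit_tmout STATE_FILE MAX_SECONDS -> 0 within limit, 1 over limit or
# disabled, 2 unparsable. MAX_SECONDS is an assumed site policy value.
audit_tmout() {
    local secs
    secs=$(effective_tmout "$1") || return 2
    if [ "$secs" -eq 0 ]; then
        echo "FAIL: idle=0 gives TMOUT=0, which disables the idle logout"
        return 1
    elif [ "$secs" -gt "$2" ]; then
        echo "FAIL: TMOUT=${secs}s exceeds limit of ${2}s"
        return 1
    fi
    echo "OK: TMOUT=${secs}s"
}

# Constructed sample: the cpshell.state shown in option 1 of the post.
demo() {
    local tmp; tmp=$(mktemp)
    printf 'audit=100\nidle=100\nscroll=1\n' > "$tmp"
    audit_tmout "$tmp" 900 || true  # FAIL: TMOUT=6000s exceeds limit of 900s
    rm -f "$tmp"
}
```

On a gateway, source the file and run audit_tmout /etc/cpshell/cpshell.state 900; a manually exported TMOUT in the current shell overrides whatever this reports.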
