000037749 - How to increase the timeout for SSH session in RSA NetWitness Logs & Network 11.3.1.

Document created by RSA Customer Support Employee on Jul 24, 2019
Version 1

Article Content

Article Number: 000037749
Applies To: RSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: NetWitness Platform UI
RSA Version/Condition: 11.3.1
Platform: CentOS 7
Issue: After upgrading RSA NetWitness Logs & Network hosts to 11.3.1, the SSH session times out after 3 minutes of inactivity.

The timeout is introduced as a result of SSH hardening in 11.3.1.
Resolution: To increase the timeout, apply the following changes.
  1. Modify /etc/ssh/sshd_config to increase the ClientAliveInterval and ClientAliveCountMax. For example, setting ClientAliveInterval and ClientAliveCountMax to 1800 and 10 respectively will increase the timeout to 18000 seconds or 5 hours.
    ClientAliveInterval 1800
    ClientAliveCountMax 10


    For more information on ClientAliveInterval and ClientAliveCountMax, please refer to the following descriptions copied from http://man.openbsd.org/sshd_config.
    ClientAliveInterval
    Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client.

    ClientAliveCountMax
    Sets the number of client alive messages which may be sent without sshd(8) receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from TCPKeepAlive. The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.
    The default value is 3. If ClientAliveInterval is set to 15, and ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds.
     
  2. Modify /etc/profile to increase TMOUT or comment it out to disable auto-logout.
    From
    TMOUT=600
    to
    #TMOUT=600
     
  3. Restart the sshd service
    systemctl restart sshd
     
  4. Close and reopen the SSH session.
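
The script below is an added example, not part of the RSA article: it reads the two files edited in steps 1 and 2 and reports the ClientAliveInterval × ClientAliveCountMax product and the active TMOUT. The function names and sample files are constructed for illustration, and values are assumed to be plain seconds.

```shell
#!/bin/sh
# Added example (not RSA code): report the timeouts that steps 1 and 2 control.

# Print the first global value of an sshd_config keyword. sshd keeps the first
# value it obtains, keywords are case-insensitive, and "Keyword=value" is
# accepted. Parsing stops at the first Match block. $3 is the default if absent.
sshd_value() {
    awk -F'[ \t=]+' -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# ClientAliveInterval * ClientAliveCountMax in seconds, the product the article
# computes. Assumes plain-second values; 0 means no client alive messages.
client_alive_window() {
    interval=$(sshd_value "$1" ClientAliveInterval 0)
    count=$(sshd_value "$1" ClientAliveCountMax 3)
    for v in "$interval" "$count"; do
        case $v in ''|*[!0-9]*) return 1 ;; esac
    done
    echo $((interval * count))
}

# Active TMOUT from a profile file; the last uncommented assignment wins.
# Prints "disabled" when TMOUT is commented out, missing, or set to 0.
profile_tmout() {
    awk '
        { sub(/^[ \t]*(export[ \t]+|readonly[ \t]+)?/, "") }
        /^TMOUT=[0-9]+/ { sub(/^TMOUT=/, ""); val = $0 + 0 }
        END { print (val > 0 ? val : "disabled") }
    ' "$1"
}

# Constructed sample files using the article's example values.
dir=$(mktemp -d)
printf '%s\n' '#ClientAliveInterval 0' 'ClientAliveInterval 1800' \
    'ClientAliveCountMax 10' > "$dir/sshd_config"
printf '%s\n' '#TMOUT=600' > "$dir/profile"
echo "sshd window: $(client_alive_window "$dir/sshd_config") seconds"
echo "shell TMOUT: $(profile_tmout "$dir/profile")"
rm -rf "$dir"
```

On a host, point the functions at /etc/ssh/sshd_config and /etc/profile. Running `sshd -t` before step 3 checks the edited file for syntax errors, so a typo does not stop sshd from restarting.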

 
