in RHEL 8.6+ and 9
https://access.redhat.com/errata/RHBA-2022:8327
https://access.redhat.com/discussions/6960435
https://bugzilla.redhat.com/show_bug.cgi?id=2100464
In the past, a de facto solution was to use sshd’s ClientAliveInterval and ClientAliveCountMax options. However, those options were never intended for this purpose, and on RHEL 9 with openssh rebase their behaviour has changed to the extend that it cannot be reliably used for sessions timeouts.
过去,事实的标准方案是使用sshd的配置选项:ClientAliveInterval 和ClientAliveCountMax;但是这两个选项在RHEL9上,被修改了,不再作为这个功能使用了。
现在使用的方法是systemd提供的,systemd-logind;SessionIdleTerminateSec=10min to /etc/systemd/logind.conf
https://www.niap-ccevs.org/MMO/PP/-442-/#FMT_SMF_EXT.1.1
Enable/disable [selection: screen lock, session timeout];
Configure lockout policy for unsuccessful authentication attempts through [selection: timeouts between attempts, limiting number of attempts during a time period]
systemd涉及的改动
https://github.com/systemd/systemd/pull/24242
https://github.com/redhat-plumbers/systemd-rhel9/pull/111
https://kb.vmware.com/s/article/2117274?lang=en_US
TMOUT