2.1.1.1.4 Set 'seconds' for 'ip ssh timeout'

Information

The time interval that the router waits for the SSH client to respond before disconnecting an uncompleted login attempt.

Rationale:

This reduces the risk of an administrator leaving an authenticated session logged in for an extended period of time.

Impact:

Organizations should implement a security policy requiring minimum timeout settings for all network administrators and enforce the policy through the 'ip ssh timeout' command.

Solution

Configure the SSH timeout

hostname(config)#ip ssh time-out [<em>60</em>]

Default Value:

SSH in not enabled by default.

See Also

https://workbench.cisecurity.org/files/3801

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AC-19, 800-53|IA-2(2), CSCv7|4.5

Plugin: Cisco

Control ID: 89317e6ce2943a078258663ac2b22ebace1a7c8adfd8deda45bda54a5067b6a1