2.1.1.1.4 Set 'seconds' for 'ip ssh timeout' for 60 seconds or less

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The time interval that the router waits for the SSH client to respond before disconnecting an uncompleted login attempt.

Rationale:

This reduces the risk of an administrator leaving an authenticated session logged in for an extended period of time.

Impact:

Organizations should implement a security policy requiring minimum timeout settings for all network administrators and enforce the policy through the 'ip ssh timeout' command.

Solution

Configure the SSH timeout

hostname(config)#ip ssh time-out [<em>60</em>]

Default Value:

SSH in not enabled by default.

See Also

https://workbench.cisecurity.org/benchmarks/12741