ALMA-09-040170 - AlmaLinux OS 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.

Information

Terminating an unresponsive SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle SSH session will also free up resources committed by the managed network element.

Terminating network connections associated with communications sessions includes, for example, deallocating associated TCP/IP address/port pairs at the operating system level and deallocating networking assignments at the application level if multiple application sessions are using a single operating system-level network connection. This does not mean the operating system terminates all sessions or network access; it only ends the unresponsive session and releases the resources associated with that session.

Satisfies: SRG-OS-000395-GPOS-00175, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPOS-00109

Solution

To configure the SSH server to terminate a user session automatically after the SSH client has become unresponsive, add or modify the following lines in "/etc/ssh/sshd_config":

ClientAliveInterval 600
ClientAliveCountMax 1

Alternatively, add the settings to an include file if the line "Include /etc/ssh/sshd_config.d/*.conf" is found at the top of the "/etc/ssh/sshd_config" file:

$ cat << EOF | tee /etc/ssh/sshd_config.d/clientalive.conf
ClientAliveInterval 600
ClientAliveCountMax 1
EOF

Restart the SSH daemon for the settings to take effect:

$ systemctl restart sshd.service

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CL_AlmaLinux_OS_9_V1R1_STIG.zip

Item Details

Category: ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-12, 800-53|MA-4(7), 800-53|SC-10, CAT|II, CCI|CCI-001133, CCI|CCI-002361, CCI|CCI-002891, Rule-ID|SV-269419r1050302_rule, STIG-ID|ALMA-09-040170, Vuln-ID|V-269419

Plugin: Unix

Control ID: 706423567d2661a4ccc899f0795cf8793f544b22a1a42d85b9a8fc52318776f9