Sunday, 29 November 2015

Automatic Shell and SSH Session Logout

Written by Suhas Savkoor

We have all used SSH Sessions to the ESXi hosts. We use either Putty or other means to obtain access to ESXi Shell, so that we can perform certain operations through the command line for the host. 

One additional thing is required for this process. We need to Start the SSH Service for the host. This is found Under Configuration > Security Profile > Services. This is disabled by default for security purposes. 

Everything is great. We can even make this service better by configuring time-outs. 

There are two time-outs that we can configure.

1. ESXi Shell Interactive Time Out - This is applicable to the SSH Sessions that were opened after the configuration was done. Let's say we have configured this time-out to 60 seconds. So once this configuration is done, and a new Putty Session is opened, it automatically closes after 60 seconds of no activity. Well, if you don't run any commands or you don't scroll in the SSH Session for 60 seconds, you will be logged out automatically. 

2. ESXi Shell Time Out - Remember that SSH Service that we were talking about, yes? We can configure a time-out for this as well. Setting this to, for example 60 seconds, will cause the SSH Service to stop automatically after 60 second regardless of any activity being done or not in the Putty terminal. Shell time out stops access to new Putty Sessions, however, if you have already open Putty Sessions, they will continue to work just fine. 

How do we configure this? 

Method 1: GUI

Select the Host > Configuration > Advanced (Under Software)
Here scroll down to UserVars and locate ESXiShellInteractiveTimeOut and ESXiShellTimeOut and set them to a required value (in seconds)

Method 2: Command Line

Open a SSH to the host that requires to be configured and run these two commands:

ESXi Shell Interactive Time Out

ESXi Shell Time Out

Restart the services for the changes to be applied.

esxcli with time-outs folks!