bash $TMOUT

Mike McGrath mmcgrath at redhat.com
Thu Jul 24 00:44:25 UTC 2008


On Wed, 23 Jul 2008, Chuck Anderson wrote:

> On Wed, Jul 23, 2008 at 04:40:37PM -0400, Ricky Zhou wrote:
> > On 2008-07-23 09:07:58 AM, Mike McGrath wrote:
> > > On Wed, 23 Jul 2008, Jorge Bras wrote:
> > > > If people start using screen they just have to reconnect, et voila, continue
> > > > to work.
> > > > At least for me, screen was the solution.
> > A downside with that solution is that if I detach a screen session
> > and end my SSH session, the next time I reattach, I lose my SSH agent,
> > and that means having to type SSH passwords repeatedly until I
> > completely destroy and reconstruct the screen session.
>
> 1. Isn't it a bad idea to be storing your SSH keys long term in
> process memory of a remote system anyway?  Or are these keys only for
> Fedora stuff?
>
> 2. Doesn't running screen with shells and stuff in it kinda defeat the
> purpose of $TMOUT?  I mean, if the idea is to free up resources, you
> aren't really freeing up much if you can keep an idle screen session
> with 10 shells open in it with emacs or whathaveyou.
>

1) yes

2)
The idea is more to ensure that sessions aren't just left open for someone
to come upon and mess with.  6 days is a long time to have been logged in
especially in idle.  Means there's a shell who knows where protected by
who knows what.  I'd hate for someone to start a screen session on their
remote machine, ssh into ours, and just leave it there for days having
their machine get hacked, someone attaching to that screen session.

Just one such example of an attack, the more obvious is having company
over for the night, "mind if I use your computer?" sort of thing, or in a
dorm room, or who knows what.  It's not complete protection, but I think
it's a good first step.

	-Mike



