Hi Team,
need technical and expertice advice here.
I saw there is new security feature recommended since Vmware vpshere 5.5 which is the
possiblity to "create Timeout for Idle ESXi Shell Sessions "
by go to UserVars.ESXiShellInteractiveTimeOut field, enter the availability timeout setting.
this helps increase the security where if user login the ESXi Shell on a host via putty, but forgets to log out of the session,
the idle session remains connected continuously.
The open connection can increase the potential for unauthorized access.
but my engineering team has rejected my idea on this . reason they given is that
sometimes admnistrator use SSH (using putty)sessions to copy data (VMs, memory dumps) and etc.
it said during this activity there is no key-strokes are being sent to session
andd therefore the session will be terminated. it caused the process running behind got interrupted and stopped
Is that true that background process running behind such as copy data will be terminated
due to the exit of the putty/esxi shell session after the timed out session ? I thought it is indepedent?
hope to get expertise explaination and confirmation on this area.
your help is much appreciated.
After talking to some of the team here, the SSH timeout at this time will close sessions at the the set time regardless of activity.
Your background process such as copying data and other processes will not be terminated. only the user logon session will be disconnected
The ESXi Shell timeout setting specifies how long you can leave an unused session open. By default, the timeout for the ESXi Shell is 0, which means the session remains open even if it is unused. If you change the timeout, for example, to 30 minutes, you have to log in again after the timeout period has elapsed.
The unit of measurement for the timeout is seconds in the ESXi Shell and minutes in the vSphere Client.
Note If you are logged in when the timeout period elapses, your session will persist. However, the ESXi Shell will be disabled, preventing other users from logging in. |