Details
The time interval that the router waits for the SSH client to respond before disconnecting an uncompleted login attempt.
Rationale:
This reduces the risk of an administrator leaving an authenticated session logged in for an extended period of time.
Impact:
Organizations should implement a security policy requiring minimum timeout settings for all network administrators and enforce the policy through the ‘ip ssh timeout’ command.
Solution
Configure the SSH timeout
hostname(config)#ip ssh time-out [60]
Default Value:
SSH in not enabled by default.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Cisco.