Details
If a user forgets to log out of their SSH session, the idle connection will remains open indefinitely, increasing the potential for someone to gain privileged access to the host. The ESXiShellInteractiveTimeOut allows you to automatically terminate idle shell sessions.
Solution
From the vSphere Client select the ESXi Host and go to Configuration >> Advanced Settings. Select the UserVars.ESXiShellInteractiveTimeOut value and configure it to 600.
or
From a PowerCLI command prompt while connected to the ESXi host run the following commands:
Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiShellInteractiveTimeOut | Set-AdvancedSetting -Value 600
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system VMware.
References
- 800-53|SC-10
- CAT|II
- CCI|CCI-001133
- Group-ID|V-63251
- Rule-ID|SV-77741r1_rule
- STIG-ID|ESXI-06-000041
- Vuln-ID|V-63251