Configure ESXiShell Timeout for ESXi 6 host

When the ESXi Shell or SSH services are enabled on a host they will run indefinitely. To avoid having these services left running set the ESXiShellTimeOut. The ESXiShellTimeOut defines a window of time after which the ESXi Shell and SSH services will automatically be terminated.

If a user forgets to log out of their SSH session, the idle connection will remains open indefinitely, increasing the potential for someone to gain privileged access to the host. The ESXiShellInteractiveTimeOut allows you to automatically terminate idle shell sessions.

  1. Login to vCenter Server. Go to Home > Hosts and Clusters.
  2. Select one of hosts and go to Manage > Settings > System > Advanced System Settings.
  3. Modify the values for the following two parameters, (recommended value = 900):
    • UserVars.ESXiShellInteractiveTimeOut
    • UserVars.ESXiShellTimeOut

Reference: VMware vSphere 6.0 Hardening Guide

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*
Website