CCE-99400-4

Platform: cpe:/o:debian:debian_linux:11.x, cpe:/o:ubuntu:ubuntu_linux:22.04, cpe:/o:ubuntu:ubuntu_linux:23.04

Date: (C)2023-02-09   (M)2023-09-01



Description: The two options `ClientAliveInterval` and `ClientAliveCountMax` control the timeout of ssh sessions. When the `ClientAliveInterval` variable is set, ssh sessions that have no activity for the specified length of time are terminated. When the `ClientAliveCountMax` variable is set, `sshd` will send client alive messages at every `ClientAliveInterval` interval. When the specified number of consecutive client alive messages has been sent with no response from the client, the `ssh` session is terminated. For example, if the `ClientAliveInterval` is set to 900 seconds and the `ClientAliveCountMax` is set to 0, the client `ssh` session will be terminated after 1800 seconds of idle time.

Rationale: Having no timeout value associated with a connection could allow an unauthorized user access to another user's `ssh` session (e.g. user walks away from their computer and doesn't lock the screen). Setting a timeout value at least reduces the risk of this happening. While the recommended setting is 1800 seconds (30 minutes), set this timeout value based on site policy. The recommended setting for `ClientAliveCountMax` is 0. In this case, the client session will be terminated after 30 minutes of idle time and no keepalive messages will be sent.

Audit: Run the following commands and verify `ClientAliveInterval` is 900 and `ClientAliveCountMax` is 3 or less:

```
# sshd -T | grep clientaliveinterval
ClientAliveInterval 1800
# sshd -T | grep clientalivecountmax
ClientAliveCountMax 0
```

Remediation: Edit the `/etc/ssh/sshd_config` file to set the parameters according to site policy:

```
ClientAliveInterval 1800
ClientAliveCountMax 0
```
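
The audit step above can be scripted so that both values are checked in one pass and a missing or disabled setting is reported instead of silently passing. This is an added example, not part of the SCAP Repo entry: the function name `check_client_alive`, the policy limits passed to it, and the sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `sshd -T` style output on stdin and checks the two
# keepalive settings against site policy limits passed as arguments.
# Usage on a live host (as root):  sshd -T | check_client_alive 1800 3
check_client_alive() {
    # $1 = maximum allowed ClientAliveInterval in seconds (site policy)
    # $2 = maximum allowed ClientAliveCountMax (site policy)
    awk -v mi="$1" -v mc="$2" '
        { key = tolower($1) }   # match keywords case-insensitively
        key == "clientaliveinterval" { iv = $2; have_iv = 1 }
        key == "clientalivecountmax" { cm = $2; have_cm = 1 }
        END {
            rc = 0
            if (!have_iv || iv !~ /^[0-9]+$/) {
                print "FAIL ClientAliveInterval: missing or not numeric"; rc = 1
            } else if (iv + 0 == 0) {
                print "FAIL ClientAliveInterval: 0, no client alive messages are sent"; rc = 1
            } else if (iv + 0 > mi + 0) {
                print "FAIL ClientAliveInterval: " iv " exceeds policy maximum " mi; rc = 1
            } else {
                print "PASS ClientAliveInterval " iv
            }
            if (!have_cm || cm !~ /^[0-9]+$/) {
                print "FAIL ClientAliveCountMax: missing or not numeric"; rc = 1
            } else if (cm + 0 > mc + 0) {
                print "FAIL ClientAliveCountMax: " cm " exceeds policy maximum " mc; rc = 1
            } else {
                print "PASS ClientAliveCountMax " cm
            }
            exit rc
        }'
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_OK='port 22
clientaliveinterval 1800
clientalivecountmax 0'
SAMPLE_BAD='port 22
clientaliveinterval 0
clientalivecountmax 5'

# Demonstration on the constructed samples, with limits 1800 s and 3.
printf '%s\n' "$SAMPLE_OK"  | check_client_alive 1800 3 || echo "sample OK: non-compliant"
printf '%s\n' "$SAMPLE_BAD" | check_client_alive 1800 3 || echo "sample BAD: non-compliant"
```

The function exits non-zero when either setting is out of policy, so it can gate a configuration-management or CI step.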


Parameter:

[time in seconds]


Technical Mechanism:

Edit the `/etc/ssh/sshd_config` file to set the parameter as follows: `ClientAliveInterval 15`, `ClientAliveCountMax 3`

CCSS Severity:

CCSS Score: 6.8
Exploit Score: 0.9
Impact Score: 5.9
Severity: MEDIUM
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CCSS Metrics:

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH


References:
Resource Id: Reference
SCAP Repo OVAL Definition: oval:org.secpod.oval:def:87264
SCAP Repo OVAL Definition: oval:org.secpod.oval:def:92299
SCAP Repo OVAL Definition: oval:org.secpod.oval:def:85177


XCCDF (6):
xccdf_org.secpod_benchmark_general_Ubuntu_23.04
xccdf_org.secpod_benchmark_NIST_800_53_r5_Debian_11
xccdf_org.secpod_benchmark_general_Ubuntu_22.04
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Debian_11
...

© SecPod Technologies