Go to main content

Oracle^® ILOM Security Guide For Firmware Releases 3.x and 4.x

Exit Print View

» ...Documentation Home » Oracle Integrated Lights Out Manager (ILOM) ... » Oracle^® ILOM Security Guide For ... » Oracle ILOM Deployment Practices for ... » Configuring Oracle ILOM Interfaces for ... » Configure the CLI for Increased Security » Set a Timeout Interval for Inactive CLI Sessions

Updated: December 2019

Oracle^® ILOM Security Guide For Firmware Releases 3.x and 4.x

Document Information

Using This Documentation

Security Features Per Oracle ILOM Firmware Release

Checklists for Keeping Oracle ILOM Secure

Oracle ILOM Deployment Practices for Increasing Security

Securing the Physical Management Connection

Choosing Whether to Configure FIPS Mode At Deployment

Enable FIPS Mode at Deployment

Unupported Features When FIPS Mode Is Enabled

Securing Services and Open Network Ports

Preconfigured Services and Network Ports

Management of Unwanted Services and Open Ports

Configuring Services and Network Ports

Securing Oracle ILOM User Access

Avoid the Creation of Shared User Accounts

Assignment of Role-Based Privileges

Security Guidelines for Managing User Accounts and Passwords

Remote Authentication Services and Security Profiles

Configuring User Access for Increased Security

Securing the Automatic Service Request (ASR) Endpoint Connection

Uploading an SSL Certificate for ASR Client Configurations

Configuring Oracle ILOM Interfaces for Increased Security

Configure the Web Interface for Increased Security

Improve Security by Using a Trusted SSL Certificate and Private Key

Enable the Strongest TLS Encryption Properties

Set a Timeout Interval for Inactive Web Sessions

Configure the CLI for Increased Security

Management of SSH Server State and Weak Ciphers

Set a Timeout Interval for Inactive CLI Sessions

Use Server Side Keys to Encrypt SSH Connections

Append SSH Keys to User Accounts for Automated CLI Authentication

Configure SNMP Management Access for Increased Security

Use SNMPv3 Encryption and User Authentication

Sun SNMP MIBs Supporting Configurable Objects

Configure IPMI Management Access for Increased Security

Use IPMI TLS Service for Enhanced Authentication and Packet Encryption

Oracle ILOM IPMI Security Guidelines

IPMI 2.0 Authentication Cypher Suite Support

Configure WS-Management Access for Increased Security

Oracle ILOM Post Deployment Practices for Increasing Security

Language:

Set a Timeout Interval for Inactive CLI Sessions

The Oracle ILOM CLI, which is accessed by connecting to Oracle ILOM over the Secure Shell (SSH) protocol or by using a serial connection, supports a configurable session time-out interval for closing inactive CLI sessions. When configured, this feature reduces the risk of an unauthorized user finding an unattended computer with an authenticated CLI session to Oracle ILOM.

For Increased security, you should configure a CLI session time-out interval in any environment where the Oracle ILOM CLI is used on a shared console. Ideally, you should set the CLI session time-out interval to 15 minutes or less.

To view or modify the time-out interval property set for inactive Oracle ILOM CLI sessions, see the following web-based instructions.

Before You Begin

Admin (a) role is required to modify the CLI properties.
The default CLI session time-out interval set for SSH connections is disabled and set to 0 (zero) minutes.

Note - When the CLI time-out interval is set to 0 (zero), Oracle ILOM will not close the inactive CLI sessions regardless of the time a session remains idle.
The CLI session time-out interval property is only configurable in Oracle ILOM for server SPs running firmware release 3.0.4 or later.

Navigate to the CLI page in the Oracle ILOM web interface.
For instance, in the:
- 3.0.x web interface, click Configuration -> System Management Access -> CLI.
- 3.1 and later web interface, click ILOM Administration -> Management Access -> CLI.

In the CLI page, set a CLI session time-out interval by performing the following.
1. Select the Enable check box.
2. Enter in a number between 1-1440 minutes to specify how many minutes can lapse until an inactive command-line session is automatically logged out.
3. Click Save to apply the changes.

Related Information

CLI Session Timeout and Custom Prompt Configuration Properties in Oracle ILOM Administrator’s Guide for Configuration and Maintenance Firmware Release 4.0.x

Copyright © 2012, 2019, Oracle and/or its affiliates. All rights reserved.