Go to main content

Oracle® ILOM Security Guide For Firmware Releases 3.x and 4.x

Exit Print View

Updated: December 2019

Set a Timeout Interval for Inactive CLI Sessions

The Oracle ILOM CLI, which is accessed by connecting to Oracle ILOM over the Secure Shell (SSH) protocol or by using a serial connection, supports a configurable session time-out interval for closing inactive CLI sessions. When configured, this feature reduces the risk of an unauthorized user finding an unattended computer with an authenticated CLI session to Oracle ILOM.

For Increased security, you should configure a CLI session time-out interval in any environment where the Oracle ILOM CLI is used on a shared console. Ideally, you should set the CLI session time-out interval to 15 minutes or less.

To view or modify the time-out interval property set for inactive Oracle ILOM CLI sessions, see the following web-based instructions.

Before You Begin

  • Admin (a) role is required to modify the CLI properties.

  • The default CLI session time-out interval set for SSH connections is disabled and set to 0 (zero) minutes.

    Note - When the CLI time-out interval is set to 0 (zero), Oracle ILOM will not close the inactive CLI sessions regardless of the time a session remains idle.
  • The CLI session time-out interval property is only configurable in Oracle ILOM for server SPs running firmware release 3.0.4 or later.

  1. Navigate to the CLI page in the Oracle ILOM web interface.

    For instance, in the:

    • 3.0.x web interface, click Configuration -> System Management Access -> CLI.
    • 3.1 and later web interface, click ILOM Administration -> Management Access -> CLI.
  2. In the CLI page, set a CLI session time-out interval by performing the following.
    1. Select the Enable check box.
    2. Enter in a number between 1-1440 minutes to specify how many minutes can lapse until an inactive command-line session is automatically logged out.
    3. Click Save to apply the changes.

Related Information