Environment and Session Management

Proper session management enhances security while maintaining usability. Configure environment handling, session limits, and timeouts based on security requirements and user needs.

Implement secure environment configuration:

# Secure environment handling
# In sshd_config

# Restrict environment variables
PermitUserEnvironment no
AcceptEnv LANG LC_*

# Custom environment setup
# /etc/ssh/sshrc (executed for all users)
#!/bin/bash

# Security logging
logger -p auth.info "SSH login: $USER from ${SSH_CLIENT%% *}"

# Set secure umask
umask 077

# Resource limits
ulimit -c 0  # No core dumps
ulimit -f 1048576  # 1GB file size limit
ulimit -n 1024  # File descriptor limit

# Timeout for idle sessions
export TMOUT=1800  # 30 minutes

# Security notice
echo "This system is for authorized use only."
echo "All activities are logged and monitored."

Configure session multiplexing for performance:

# Client-side multiplexing configuration
# ~/.ssh/config

Host *
    ControlMaster auto
    ControlPath ~/.ssh/control-%C
    ControlPersist 10m

# Create control socket directory with proper permissions
mkdir -p ~/.ssh
chmod 700 ~/.ssh

# Monitor active control sockets
ls -la ~/.ssh/control-*

# Manually close a control socket
ssh -O exit hostname