If a user enables the ESXi Shell on a host, but forgets to log out of the session, the idle session remains connected indefinitely. The open connection can increase the potential for someone to gain privileged access to the host. You can prevent this by setting a timeout for idle sessions.

The idle timeout is the amount of time that can elapse before the user is logged out of an idle interactive session. Changes to the idle timeout apply the next time a user logs in to the ESXi Shell. Changes do not affect existing sessions.

You can specify the timeout from the Direct Console User Interface in seconds, or from the vSphere Web Client in minutes.

Procedure

  1. From the Troubleshooting Mode Options menu, select Modify ESXi Shell and SSH timeouts and press Enter.
  2. Enter the idle timeout, in seconds.
    You must restart the SSH service and the ESXi Shell service for the timeout to take effect.
  3. Press Enter and press Esc until you return to the main menu of the Direct Console User Interface.

Results

If the session is idle, users are logged out after the timeout period elapses.
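
To verify the configured value from a script, the following added example (not part of the original documentation) parses the output of `esxcli system settings advanced list -o /UserVars/ESXiShellInteractiveTimeOut` and flags a disabled or overly long idle timeout. The 900-second ceiling, the function names, and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the ESXi Shell idle timeout against a policy ceiling.
# MAX_IDLE_SECONDS is an assumed policy value, not a figure from this page.
MAX_IDLE_SECONDS=900

# Constructed sample of the esxcli listing for the idle timeout setting.
# A value of 0 means no idle timeout is set.
constructed_sample() {
    cat <<'EOF'
   Path: /UserVars/ESXiShellInteractiveTimeOut
   Type: integer
   Int Value: 0
   Default Int Value: 0
   Min Value: 0
   Max Value: 86400
EOF
}

# Print the current "Int Value" field (seconds) from a listing on stdin.
# The anchored pattern skips the "Default Int Value" line.
parse_int_value() {
    awk -F: '/^ *Int Value:/ { gsub(/[^0-9]/, "", $2); print $2; exit }'
}

# Classify a timeout in seconds: 0 = pass, 1 = policy failure, 2 = unparseable.
classify_timeout() {
    case "$1" in
        ''|*[!0-9]*) echo "UNKNOWN: no numeric timeout found"; return 2 ;;
    esac
    if [ "$1" -eq 0 ]; then
        echo "FAIL: idle timeout disabled, idle sessions stay connected indefinitely"
        return 1
    elif [ "$1" -gt "$MAX_IDLE_SECONDS" ]; then
        echo "FAIL: ${1}s exceeds policy maximum of ${MAX_IDLE_SECONDS}s"
        return 1
    fi
    # The vSphere Web Client shows the same setting in minutes.
    echo "PASS: ${1}s ($(( ($1 + 59) / 60 )) min in the vSphere Web Client)"
}

# Read a listing on stdin and report on it.
audit_idle_timeout() {
    classify_timeout "$(parse_int_value)"
}

# Demo on the constructed sample. On a host, pipe the real esxcli output instead.
constructed_sample | audit_idle_timeout || true
```

Because changes apply only to new logins, a passing result does not mean sessions opened before the change will time out.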