If a user enables the ESXi Shell on a host, but forgets to log out of the session, the idle session remains connected indefinitely. The open connection can increase the potential for someone to gain privileged access to the host. You can prevent this by setting a timeout for idle sessions.
Procedure
- Browse to the host in the vSphere Web Client inventory.
- Click Configure.
- Under System, select Advanced System Settings.
- Select UserVars.ESXiShellInteractiveTimeOut, click the Edit icon, and enter the timeout setting.
- Restart the ESXi Shell service and the SSH service for the timeout to take effect.
Results
If the session is idle, users are logged out after the timeout period elapses.