If a user enables the ESXi Shell on a host, but forgets to log out of the session, the idle session remains connected indefinitely. The open connection can increase the potential for someone to gain privileged access to the host. You can prevent this by setting a timeout for idle sessions.

The idle timeout is the amount of time that can elapse before a user is logged out of an idle interactive session. You can control the amount of time for both local and remote (SSH) session from the Direct Console Interface (DCUI) or from the vSphere Web Client.

Procedure

  1. Browse to the host in the vSphere Web Client inventory.
  2. Click Configure.
  3. Under System, select Advanced System Settings.
  4. Select UserVars.ESXiShellInteractiveTimeOut, click the Edit icon, and enter the timeout setting.
  5. Restart the ESXi Shell service and the SSH service for the timeout to take effect.

Results

If the session is idle, users are logged out after the timeout period elapses.