If you enable the ESXi Shell on a host, but forget to log out of the session, the idle session remains connected indefinitely. The open connection increases the potential for someone to gain privileged access to the host. Prevent this by setting a timeout for idle sessions.

The idle timeout is the amount of time that can elapse before a user is logged out of an idle interactive session. You can control the amount of time for both local and remote (SSH) session from the Direct Console Interface (DCUI) or from the vSphere Client.

Procedure

  1. Browse to the host in the vSphere Client inventory.
  2. Click Configure.
  3. Under System, select Advanced System Settings.
  4. Click Edit, select UserVars.ESXiShellInteractiveTimeOut, and enter the timeout setting.
    A value of zero (0) disables the idle time.
  5. Restart the ESXi Shell service and the SSH service for the timeout to take effect.

Results

If the session is idle, users are logged out after the timeout period elapses.