IBM Support

QRadar: How to modify the SSH timeout value from the command line

How To


Summary

This technote shows you how to change your QRadar® CLI timeout period from the default of 10 minutes. This configuration change must be completed on each appliance.

Environment

QRadar 7.5.x (all upgrade pack versions)

Steps

Important: Changing this value can conflict with your organization's security policy and requirements. Check the policies and requirements before you make any changes.
  1. Log in to your Console by using your root account credentials. If you have a nonprivileged account, use sudo -i or su -.
  2. Check the current values:
    grep ClientAliveInterval /etc/ssh/sshd_config
    grep ClientAliveInterval /opt/qradar/conf/ssh/sshd_config.defaults


    Note: Changes to the sshd configuration are persistent after a reboot. The default value is expressed in seconds. This technical note procedure sets the timeout value to 600 seconds, or 10 minutes. For example:
    #ClientAliveInterval 0
    ClientAliveInterval 600

     
  3. Make a backup copy of both files by running the following commands:
    mkdir -pv /root/ssh_backup
    cp -v /etc/ssh/sshd_config /root/ssh_backup/sshd_config.orig
    cp -v /opt/qradar/conf/ssh/sshd_config.defaults /root/ssh_backup/sshd_config.defaults.orig
  4. Open both files in an editor:
    • vi /etc/ssh/sshd_config
    • vi /opt/qradar/conf/ssh/sshd_config.defaults
  5. Change the value for ClientAliveInterval from 600 to a value that matches your security policy or requirements.
  6. Save your changes.
  7. To restart the sshd service, type: systemctl restart sshd

    Results
    Repeat this procedure on each host where you need to extend the default SSH timeout value. If you need to revert the changes, copy the original files to their original locations with their original file names, and restart the sshd service again.
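
The following script is an added example, not part of the IBM procedure. It checks that both files edited in the steps above carry the same ClientAliveInterval and that the value stays within a policy maximum. The function names and the policy maximum argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify ClientAliveInterval after editing both files.

# Print the effective global ClientAliveInterval of an sshd_config-style file.
# sshd uses the first value it reads for a keyword, keywords are
# case-insensitive, and "keyword=value" is accepted. Lines after a Match
# line are conditional, so parsing stops there.
effective_interval() {
    awk '
        /^[ \t]*#/ { next }
        { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]*=[ \t]*/, " ", line) }
        tolower(line) ~ /^match[ \t]/ { exit }
        tolower(line) ~ /^clientaliveinterval[ \t]/ {
            split(line, f, /[ \t]+/); print f[2]; exit
        }
    ' "$1"
}

# Return 0 when both files set the same numeric interval (in seconds), the
# value is not 0 (0 disables the client-alive check), and it does not exceed
# the policy maximum passed as $1. File paths default to the two files
# named in the procedure.
check_timeout_policy() {
    max=$1
    live=${2:-/etc/ssh/sshd_config}
    defaults=${3:-/opt/qradar/conf/ssh/sshd_config.defaults}
    a=$(effective_interval "$live")
    b=$(effective_interval "$defaults")
    case "$a" in
        ''|*[!0-9]*)
            echo "FAIL: $live has no numeric ClientAliveInterval ('$a')"
            return 1 ;;
    esac
    if [ "$a" != "$b" ]; then
        echo "FAIL: files differ: $live=$a $defaults=${b:-unset}"
        return 1
    fi
    if [ "$a" -eq 0 ] || [ "$a" -gt "$max" ]; then
        echo "FAIL: ClientAliveInterval $a is outside policy (1..$max seconds)"
        return 1
    fi
    echo "OK: ClientAliveInterval $a in both files (policy maximum $max)"
}
```

After sourcing the script as root, run `check_timeout_policy 900` (900 being whatever maximum your policy allows) on each host. Running `sshd -t` before the restart in step 7 confirms that the edited /etc/ssh/sshd_config still parses.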

Document Location

Worldwide


Document Information

Modified date:
21 September 2023

UID

ibm16569163