This article applies to BoKS 7.1.

Description

If a user logs in via SSH and then runs a program as another user via SUEXEC, and keystroke logging is enabled both for the SSH and the SUEXEC sessions, the inactivity timeout does not function correctly. Inactivity monitoring is still enforced but applies to the SSH session rather than the SUEXEC session. In this situation the timeout value of the logged in user is used instead of the value set for the target user of the SUEXEC session.

Also, process activity related to the SUEXEC session is not taken into account and thus the user may be logged out even if there are active processes running. Keyboard input and output to the screen still counts as activity.

Resolution / Workaround

FoxT will release a hotfix to mitigate this problem. Until a hotfix is available the workaround is to avoid using keystroke logging on SSH and SUEXEC for the same user when inactivity monitoring must be used.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: May 25, 2018