To control the duration of O&M sessions, configure the O&M settings based on your business requirements. This prevents host resources from being wasted by lengthy O&M sessions or by sessions that remain open for a long time without any O&M operations. This topic describes how to configure O&M settings.

Background information

You can configure the O&M settings, including Idle Timeout Interval, Duration Limit, and Duration to Lock Users Upon Session Blocking.

Procedure

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, click System Settings.
  3. On the System Settings page, click the O&M Configuration tab.
  4. In the O&M Configuration section, configure the parameters.
    The following table describes the parameters.
    Parameter | Description
    Special Host Account | Valid values:
    • Allow Access to Hosts by Using Bastionhost Account and Password: specifies whether to allow users to access hosts by using the username and password of a bastion host.
      Note: This configuration is suitable for scenarios in which the bastion host account is imported from Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) servers, the host is in the same domain as the bastion host, and the username and password of the server account are the same as those of the bastion host.
    • Allow Access to Hosts by Using Unauthorized Host Accounts: specifies whether to allow users password-free access to hosts on which the users do not have permissions. This option is selected by default.
      Note: This configuration takes effect only when a user accesses hosts on which the user does not have permissions.
      • If a user does not have permissions to access a host, the user can find and select a host for which the user parameter is unspecified. Then, the user can enter the username and password of the bastion host to access and perform O&M operations on the host.
      • If this option is cleared, host accounts on which the user does not have permissions are not displayed in the asset list during O&M.
    Special Host Configuration | Specifies whether to enable the host fingerprint feature. The host fingerprint feature is enabled by default.
    Note: A host fingerprint is a unique identifier that Bastionhost uses to identify a Linux host. A host fingerprint can be used to prevent unauthorized users from accessing hosts by redirecting traffic. We recommend that you select Allow Host Fingerprinting.
    Idle Timeout Interval | The maximum duration of an idle O&M session. If the duration of an idle O&M session reaches the specified value, the session is automatically disconnected. Valid values: 0 to 60. Unit: minutes. The value 0 indicates that the duration is not limited.
    Note: In an idle O&M session, a user is logged on to a host but does not perform O&M operations.
    Duration Limit | The maximum total duration of O&M sessions. If the total duration reaches the specified value, the ongoing sessions are automatically disconnected. Valid values: 0 to 60. Unit: minutes. The value 0 indicates that the duration is not limited.
    Duration to Lock Users Upon Session Blocking | The time that an O&M session can be interrupted by the administrator. During the specified time, users cannot perform O&M operations on any host. Valid values: 0 to 60. Unit: minutes. The value 0 indicates that the time is not limited.
  5. After you configure the parameters, click Save. The O&M settings are configured.