How can i manage users sessions duration?

andreyrassokhin · August 14, 2019, 7:41pm

I’m trying to understand how can i manage users sessions time. By default as i understood this is 12 hours after authorization, but i wanna manage users sessions duration globally and personally.

gizmo@GIZMO-LAPTOP:/mnt/d/Downloads/teleport$ ./tsh.exe --proxy=ubuntu --insecure --user=gizmo login
WARNING: You are using insecure connection to SSH proxy https://ubuntu:3080
Enter password for Teleport user gizmo:
Enter your OTP token:
999999

Profile URL: https://ubuntu:3080
Logged in as: gizmo
Cluster: ubuntu
Roles: admin*
Logins: gizmo
Valid until: 2019-08-15 10:39:42 +0400 +04 [valid for 12h0m0s]
Extensions: permit-agent-forwarding, permit-port-forwarding, permit-pty

What i wanna do:

Change 12h globally for every user that successfully passed authorization, for example to 6h
Change session duration time to 6h only for specified users

How can i do that? I didn’t found any explanation about it in documentation.

gus · August 16, 2019, 5:59am

I believe that the only way to change the default TTL for a user is by editing their role. Role-based access control (RBAC) is an Enterprise feature and not available in the community edition of Teleport.

In Enterprise installations, you can set max_session_ttl which will change the default lifetime of an issued certificate. See https://gravitational.com/teleport/docs/ssh_rbac/#role-options in the documentation.

system · August 16, 2019, 9:11am

This topic was automatically closed 12 hours after the last reply. New replies are no longer allowed.