Idle timeout on web gui?

R

Ruklaw

Member
Jul 30, 2021
12
1
8
41
Hi
I'm trying to harden up security and one of the issues is that proxmox doesn't have a logon timeout - if I leave the proxmox tab open then if someone gains access to my session they will have access to proxmox (obviously I can try and remember to always close it but sometimes you get sidetracked, and I'd need to train my colleagues too).

It does time out after a few days as my browser throws a certificate error but really I'd want it to lockout within a couple of idle hours (or perhaps at 6pm each day if that isn't practical).

I've tried searching for anyone else that has wanted to do this but all I can find are people that have clock drift complaining about the idle timeout being too short :)

Is there some command that will log out web users that I can setup a cron job to run?

Many thanks
Tim
 
As long as you have the web ui open, it will reauthenticate itself every 15 minutes. If you close it, the ticket it has stored in the cooke will be invalid after 2 hours.
This is also the reason why you cannot logout users from the server, because there is no persistent session id saved anywhere on the server itself.
 
OK so inspired by the certificate error that Chrome gives after a few days, I do have one option, if I run pvecm updatecerts --force then the generation a a new cert will cause Chrome to stop talking to the proxmox web server and so the session will time out in due course (albeit still not very quickly!)

Anyone got any other ideas? I'm going to keep digging....
 
proxmox doesn't have a logon timeout,Is there a better solution? In addition, can the password complexity policy be enabled for users created in the user management interface, or how to simply modify the code to achieve it, thank you
 
dcsapak

I have to disagree with this - all of it. I just got back from dinner (away from home about 2 hours). I left the Web GUI open when I left. Normally I can press <F5> and be prompted to login again. Tonight, no matter what I do, I cannot get the WebGUI to re-appear. I am not even getting the login prompt. I am getting the following:

1701910163232.png

But I can go to my pfSense (which is a VM running on this Proxmox host) and use the PING feature - and the box pings.

1701910220390.png

From a Windows command prompt on the same network segment --

1701910263109.png

Plain and simple - ever since I upgraded to 8.1.3....NOTHING BUT PROBLEMS that force me to REBOOT my entire host to get the Web GUI back. This is insanity.

I have tried 2 other browsers and even "Incognito" mode and still will not give me back the GUI. I have had this issue many times since upgrading - and the only way to get it back is a hard reboot of the box.
 
Last edited:
bearhntr said:
Plain and simple - ever since I upgraded to 8.1.3....NOTHING BUT PROBLEMS that force me to REBOOT my entire host to get the Web GUI back. This is insanity.

I have tried 2 other browsers and even "Incognito" mode and still will not give me back the GUI. I have had this issue many times since upgrading - and the only way to get it back is a hard reboot of the box.
Click to expand...
these problems seem to have nothing to do with the webui in itself, there seems to be a bigger underlying problem if you cannot reach your server
please open a new thread with maybe more information, i'm sure someone will try to help

in general we run the software ourselves on many machines, and while bugs happen, what you experience is not a general problem.
It probably has something to do with your specific hw/sw/network configuration (whatever the problem is)
 
dcsapak said:
these problems seem to have nothing to do with the webui in itself, there seems to be a bigger underlying problem if you cannot reach your server
please open a new thread with maybe more information, i'm sure someone will try to help

in general we run the software ourselves on many machines, and while bugs happen, what you experience is not a general problem.
It probably has something to do with your specific hw/sw/network configuration (whatever the problem is)
Click to expand...
Thanks Dominick,

I am sorry - but I must disagree. Everything works fine with the PVE except the Web GUI when I have this issue. All the VMs on it are ticking along as desired. I am able to access all of their services (RDP or Web GUI on them). I can Ping the PVE with no issues at either. Only the Web GUI is inaccessible.

I have it back this AM, as I rebooted it first thing when I got up - as when I reboot it, I lose Internet until it the 1st VM is booted back up (pfSense).

No use it posting another message, I will get the same response you already gave..."We are not having any issues - it must be something you did/are doing.". :mad:
 
Bearhntr your problem is very unfortunate for you, but doesn't seem to be anything related to the subject of my thread, which is having the web interface lockout as a security feature, rather than something being broken on your server.
 
dcsapak,Ruklaw,can the password complexity policy be enabled for users created in the user management interface, or how to simply modify the code to achieve it, thank you
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back