If a user enables the ESXi Shell on a host, but forgets to log out of the session, the idle session remains connected indefinitely. The open connection can increase the potential for someone to gain privileged access to the host. You can prevent this by setting a timeout for idle sessions.

The idle timeout is the amount of time that can elapse before the user is logged out of an idle interactive sessions. Changes to the idle timeout apply the next time a user logs in to the ESXi Shell and do not affect existing sessions.


Browse to the host in the vSphere Web Client inventory.


Click the Manage tab and click Settings.


Under System, select Advanced System Settings.


Select UserVars.ESXiShellTimeOut and click the Edit icon.


Enter the idle timeout setting.

You must restart the SSH service and the ESXi Shell service for the timeout to take effect.

If you are logged in when the timeout period elapses, your session will persist. However, after you log out or your session is terminated, users are not allowed to log in.