SRX Services Gateway
Reply
Visitor
yanliu
Posts: 3
Registered: ‎06-04-2012
0

Console/vty login session inactivity timeout

Does anyone know the Console/vty login session inactivity timeout by default at SRX650? How to configure it? thanks.

 

YL

Recognized Expert
JunOS_Fan
Posts: 241
Registered: ‎02-13-2012
0

Re: Console/vty login session inactivity timeout

Hi ,

 

From KB20967 :

 

The device never automatically disconnects the management users; this is the default behavior of the SRX and J-series. This is because the idle timeout is disabled by default.

To validate the current setting, use the following command :
root@juniper>show cli
CLI complete-on-space set to on
CLI idle-timeout disabled

If you want the users to disconnect after some time, configure the idle timeout according to your requirements using the following command:

root@juniper> set cli idle-timeout ?
Possible completions:
<timeout> Maximum idle time (0..100000 minutes)

Use the command show cli to validate the setting.

Example:
In this example the idle timeout is set to 60 minutes.
root@juniper> set cli idle-timeout 60
Idle timeout set to 60 minutes

root@juniper> show cli
CLI complete-on-space set to on
CLI idle-timeout set to 60 minutes

root@juniper% exit

When you login to the device you will see the idle-time is disabled.

root@juniper> run show cli
CLI complete-on-space set to on
CLI idle-timeout disabled

NOTE: These changes are lost after a reboot OR when the user that has configured the same logs out. 


If you want the users to logout on their own and have the changes saved after a reboot, create a custom class and call the idle-timeout in that class.

Example:
[edit system login]
root# show
class test {
    idle-timeout 1;
    permissions all;
}
user user {
    uid 2006;
    class test;
    authentication {
        encrypted-password "$1$ZBez9s7.$cR93T3DyYcrBXwPQ.2XNe1"; ## SECRET-DATA
    }
}

When you login as user, you will always see the idle timeout as 1 min.
user@juniper> show cli
CLI complete-on-space set to on
CLI idle-timeout set to 1 minute
Best regards
Pradeep (JNCIP-SEC,ENT,SP)
www.networker.co.in
Visitor
yanliu
Posts: 3
Registered: ‎06-04-2012
0

Re: Console/vty login session inactivity timeout

thanks Pradeep.

 

YL

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.