topic You can have up to over a in Network Security

SSH only one person at a time

Mustafa Habibi — Fri, 21 Feb 2020 13:58:22 GMT

Dears in support

Currently more than one person can ssh to cisco devices simultaneously, how can i restrict to only one person at a time for login.

Regards

You can have up to over a

Mark Malone — Tue, 06 Dec 2016 10:22:53 GMT

You can have up to over a thousand vty lines in theory on some devices for remote access , you cant close them but you could restrict the ssh access to 1 ip only but you cant stop multiple users logging in at same time that have privilege to do so when lines are open in show users , there is no way to prevent that apart from locking to 1 ip address unless you can find a way to jam up all your vty lines so only 1 is left open , there is no ssh restriction command like that available in IOS anyway

other option setup archiving so you can see exactly what there running when there in the devices

(config)#line vty ?
<0-1509> First Line number

Dear Mark

Mustafa Habibi — Tue, 06 Dec 2016 10:31:35 GMT

Dear Mark

Thanks for your reply. for more clarification we have 3 person with 3 ip which are allow for accessing ssh the devices(ACL). we can login to same device all 3 person simultaneously from our ip. what we want is that if any one is login to device the 2nd person should be unable to ssh to same device.

Regards

The only way I could think

Mark Malone — Tue, 06 Dec 2016 10:34:52 GMT

The only way I could think you might get that to work is some kind of EEM script that comes into effect after first user has logged in , you cant do that through normal Cisco configuration ,once access is allowed and lines are available the user will still be able to get access

Hello,just configure LINE VTY

Milos Megis — Tue, 06 Dec 2016 11:23:46 GMT

Hello,
just configure LINE VTY 0 as you want, and LINE VTY 1 15 with command TRANSPORT INPUT NONE