Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5428
Views
5
Helpful
1
Replies

ssh idle session timeout

Go to solution
joelm
Level 1
Level 1

‎06-07-2020 08:43 PM - edited ‎06-07-2020 08:44 PM

I have an ISR4451 running version 16.08.01 (Fuji). When I SSH into it, I am logged out after an hour of inactivity.  Here is the relevant information from the config file:

% ssh router; date        # SSH into the router and when the session ends, print the date
router#show run | begin line vty
line vty 0 4
access-class 1 in
exec-timeout 0 0
logging synchronous
login local
transport input ssh

router#show users
Line         User     Host(s)   Idle       Location
*866 vty 0   XXXX     idle      00:00:00   IP_REDACTED

router#show clock
22:00:30.767 EDT Sun Jun 7 2020
router#packet_write_wait: Connection to IP_REDACTED: Broken pipe
Sun Jun 7 23:00:30 EDT 2020         # dated printed after connection broken - 1 hour later

 

I used that same configuration paragraph on my previous router (1941 running v15.7) and it never logged me out. I thought the red text disables the idle timeout.  I tried setting the exec-timeout to the maximum value, but it still logged me out after an hour.

router(config-line)#exec-timeout ?
  <0-35791>  Timeout in minutes

router(config-line)#exec-timeout 35791 ?
  <0-2147483>  Timeout in seconds
  <cr>         <cr>

router(config-line)#exec-timeout 35791 2147483
router(config-line)#^Z
router#show run | begin line vty
line vty 0 4
 access-class 1 in
 exec-timeout 35791 23

I would like the SSH session to stay connected until I disconnect. Can someone give me some pointers on what I'm doing wrong?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
joelm
Level 1
Level 1

‎06-10-2020 10:27 AM - edited ‎06-10-2020 10:28 AM

I couldn't get exec-timeout to work the way I expected, so I approached the solution from the other end -- specifically, I changed the ssh configuration on my local machine to send KeepAlive packets.  In my ~/.ssh/config file, I added these line:

Host router
     ServerAliveInterval 900

Alternatively,

Host *
     ServerAliveInterval 900

which will affect every host.  You can also configure it into the SSH global configuration file if you want all users to get this change.  See the SSH documentation

View solution in original post

1 Reply 1

Go to solution
joelm
Level 1
Level 1

‎06-10-2020 10:27 AM - edited ‎06-10-2020 10:28 AM

I couldn't get exec-timeout to work the way I expected, so I approached the solution from the other end -- specifically, I changed the ssh configuration on my local machine to send KeepAlive packets.  In my ~/.ssh/config file, I added these line:

Host router
     ServerAliveInterval 900

Alternatively,

Host *
     ServerAliveInterval 900

which will affect every host.  You can also configure it into the SSH global configuration file if you want all users to get this change.  See the SSH documentation

Customers Also Viewed These Support Documents