cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
34253
Views
1
Helpful
6
Replies

SSH Timeout for Cisco Devices

Sajan Thomas
Level 1
Level 1

H ITeam

 

I am getting logged out from Cisco device

 

While checking log message I can see %SYS-6-TTY_EXPIRE_TIMER: (absolute timer expired, tty 579


line vty 0 3
 exec-timeout 15 0
 privilege level 15
 transport input telnet ssh
 transport output ssh
line vty 4
 exec-timeout 15 0
 privilege level 15
 transport input telnet ssh
 transport output ssh
line vty 5 15
 exec-timeout 0 1
 privilege level 15
 no exec
 transport input none
 transport output none

 

Please suggest in regard to this issue

 

Regards

Sajan Thomas

6 Replies 6

Charles Hill
VIP Alumni
VIP Alumni

Hello Sajan,

Under the line vty 0 3, the "exec-timeout 15(minutes) 0(seconds)" command will disconnect your session after 15 minutes of inactivity. 

 

If you would like to disable the timer, you would enter

line vty 0 3

exec-timeout 0

which would leave your session logged in indefinitely.

 

 

Disabling it is fine for a lab environment, but normally this should be enabled for security.

 

Hope this helps,

if so, please rate.

Thanks.

 

 

Hi Cehill

 

I truly agree with you, and I am aware of that. But here the problem is this is get terminated even it is active mode. Mean if we are logged in and checking some routing etc.. it will get terminated.

 

Regards

Sajan Thomas

I see "absolute-timer" in the log message. 

 

How are you connecting to the device?

I don't see absolute-timer on the vty ports?

 

Do you see absolute-timer anywhere in your config.

 

 

*********************************************************************************

Bug CSCui94802 states the absolute-timer may be in the wrong location in the config, so it could be in the config, but not listed under the line vty.

 

Absolute-timeout and logout-warning at incorrect location in config

 

Hi Cehil

Exactly! There I am also stuck! Nowhere in configuration. Anychance this can be enabled in TACACS?

 

Regards
Sajan Thomas

Hey Sajan,

Just to confirm its not in the config, enter the following commands, please.

show run | i absolute

show run | i autocommand

 

If these commands return anything, its probably the culprit.

 

If not, do you mind doing a show tech and uploading it, and I'll take a look at it.

 

Thanks.

 

Hello @Sajan Thomas ,

I wondering if you got the issue resolved. Looks like it could be a TACACS/ISE issue. See this post:

https://community.cisco.com/t5/switching/sys-6-tty-expire-timer-absolute-timer-expired/td-p/4064672

 

You may want to run the debug tacacs events (depending on the platform you are using)

 

Check to see if the TACACS profile you are using has a time-out setting configured.

HTH,

Barry

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: