cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

7089
Views
0
Helpful
6
Replies
Highlighted
Beginner

SSH Timeout for Cisco Devices

H ITeam

 

I am getting logged out from Cisco device

 

While checking log message I can see %SYS-6-TTY_EXPIRE_TIMER: (absolute timer expired, tty 579


line vty 0 3
 exec-timeout 15 0
 privilege level 15
 transport input telnet ssh
 transport output ssh
line vty 4
 exec-timeout 15 0
 privilege level 15
 transport input telnet ssh
 transport output ssh
line vty 5 15
 exec-timeout 0 1
 privilege level 15
 no exec
 transport input none
 transport output none

 

Please suggest in regard to this issue

 

Regards

Sajan Thomas

6 REPLIES 6
Highlighted
Rising star

Hello Sajan,Under the line

Hello Sajan,

Under the line vty 0 3, the "exec-timeout 15(minutes) 0(seconds)" command will disconnect your session after 15 minutes of inactivity. 

 

If you would like to disable the timer, you would enter

line vty 0 3

exec-timeout 0

which would leave your session logged in indefinitely.

 

 

Disabling it is fine for a lab environment, but normally this should be enabled for security.

 

Hope this helps,

if so, please rate.

Thanks.

 

 

Highlighted
Beginner

Hi Cehill I truly agree with

Hi Cehill

 

I truly agree with you, and I am aware of that. But here the problem is this is get terminated even it is active mode. Mean if we are logged in and checking some routing etc.. it will get terminated.

 

Regards

Sajan Thomas

Highlighted
Rising star

I see "absolute-timer" in the

I see "absolute-timer" in the log message. 

 

How are you connecting to the device?

I don't see absolute-timer on the vty ports?

 

Do you see absolute-timer anywhere in your config.

 

 

*********************************************************************************

Bug CSCui94802 states the absolute-timer may be in the wrong location in the config, so it could be in the config, but not listed under the line vty.

 

Absolute-timeout and logout-warning at incorrect location in config

 

Highlighted
Beginner

Hi CehilExactly! There I am

Hi Cehil

Exactly! There I am also stuck! Nowhere in configuration. Anychance this can be enabled in TACACS?

 

Regards
Sajan Thomas

Highlighted
Rising star

Hey Sajan,Just to confirm its

Hey Sajan,

Just to confirm its not in the config, enter the following commands, please.

show run | i absolute

show run | i autocommand

 

If these commands return anything, its probably the culprit.

 

If not, do you mind doing a show tech and uploading it, and I'll take a look at it.

 

Thanks.

 

Highlighted
Beginner

Re: Hi CehilExactly! There I am

Hello @Sajan Thomas ,

I wondering if you got the issue resolved. Looks like it could be a TACACS/ISE issue. See this post:

https://community.cisco.com/t5/switching/sys-6-tty-expire-timer-absolute-timer-expired/td-p/4064672

 

You may want to run the debug tacacs events (depending on the platform you are using)

 

Check to see if the TACACS profile you are using has a time-out setting configured.

HTH,

Barry

CreatePlease to create content
Content for Community-Ad