
ASA 5545 authentication timeout

dassey111
Level 1

I have a firewall DOD DISA STIG I need to apply. I have to set authentication timeout to 60 seconds.

Is there a way to set authentication timeouts? So if a user tries to SSH into the device and lets it sit at the login screen for 60 seconds, reset/drop/close the session.

I have been looking for an AAA command to implement this, but no luck yet.

ASA 5545

ASA Version 9.4(3)

5 Replies

cofee
Level 5

Try this:

ssh timeout 60 (this is in minutes, so you will be setting it for 1 minute, and I am not sure, but that might already be the default value)

This will be applied to the global config and set the timeout for any SSH connection on the firewall, whether authenticated by RADIUS/TACACS or local credentials.

The default value is 5 minutes I believe.

So this is a great command and a great effort on your part. This will END the SESSION after X minutes of IDLE time.

And to be honest, I may have to use this command.

This should be CAT II NET1645 DISA STIG - This command will take care of it.

nspasov
Cisco Employee

Hi there, I believe the command that you are looking for is:

console timeout 1

Here is the description of the command directly from the config guide:

Changing the Console Timeout Period

To change the console timeout period, or the duration of time the management console remains active before automatically shutting down, perform the following steps.

Detailed Steps

Command: console timeout number

Example: hostname(config)# console timeout 0

Purpose: Specifies the idle time in minutes (0 through 60) after which the console session ends. The default timeout is 0, which means the console session will not time out.

I hope this helps!

Thank you for rating helpful posts!

Oh, thanks for giving it a go. Good on you.

That is a good command if I want my session to last 1 minute in total time period. But, alas, I want the authentication time period to last less than 1 minute. Not the actual session.
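
An added example, not part of the thread and not Cisco code: a small audit of the two idle-timeout settings discussed above, read from a saved running-config. The function names, the sample config and the 10-minute limit are assumptions made for illustration; both settings are idle-session timeouts in minutes, which, as the last reply points out, is a different thing from a timeout on the login prompt.

```python
import re

# Values used when the line is absent from the config. console: 0 is the
# default stated in the config-guide excerpt quoted in the thread; ssh: 5 is
# the default given in the thread's first reply.
DEFAULTS = {"ssh": 5, "console": 0}

# Matches "ssh timeout N" / "console timeout N" and nothing else, so lines
# such as "ssh 10.0.0.0 255.255.255.0 management" are ignored.
LINE_RE = re.compile(r"^\s*(ssh|console)\s+timeout\s+(\d+)\s*$")


def idle_timeouts(config_text):
    """Return {'ssh': minutes, 'console': minutes}, configured or defaulted."""
    found = dict(DEFAULTS)
    for line in config_text.splitlines():
        match = LINE_RE.match(line)
        if match:
            found[match.group(1)] = int(match.group(2))
    return found


def audit(config_text, max_idle_minutes):
    """List findings for idle timeouts that are disabled or above the limit."""
    findings = []
    for kind, minutes in sorted(idle_timeouts(config_text).items()):
        if kind == "console" and minutes == 0:
            # 0 means the console session never times out.
            findings.append(f"{kind} timeout 0: session never times out")
        elif minutes > max_idle_minutes:
            findings.append(
                f"{kind} timeout {minutes}: exceeds {max_idle_minutes} min")
    return findings


# Constructed sample config, not taken from a real device.
SAMPLE = """\
hostname asa-lab
ssh 10.0.0.0 255.255.255.0 management
ssh timeout 60
console timeout 0
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, max_idle_minutes=10):  # assumed limit
        print(finding)
```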
