12-16-2016 07:27 AM - edited 03-12-2019 01:40 AM
I have a firewall DOD DISA STIG I need to apply. I have to set authentication timeout to 60 seconds.
Is there a way to set authentication timeouts? So if a user tries to SSH into the device and lets it sit at the login screen for 60 seconds, reset/drop/close the session.
I have been looking for an AAA command to implement this, but no luck yet.
ASA 5545
ASA Version 9.4(3)
12-16-2016 11:07 AM
Try this:
ssh timeout 60 (this is in minutes, so you will be setting it for 1 minute, and I am not sure, but that might already be the default value)
This will be applied to the global config and set the timeout for any SSH connection on the firewall, whether authenticated by RADIUS/TACACS or local credentials.
12-19-2016 05:44 AM
The default value is 5 minutes, I believe.
So this is a great command and a great effort on your part. This will END the SESSION after X minutes of IDLE time.
And to be honest, I may have to use this command.
12-19-2016 07:23 AM
This should be CAT II NET1645 DISA STIG - This command will take care of it.
12-16-2016 08:00 PM
Hi there, I believe the command that you are looking for is:
console timeout 1
Here is the description of the command directly from the config guide:
To change the console timeout period, or the duration of time the management console remains active before automatically shutting down, perform the following steps.
I hope this helps!
Thank you for rating helpful posts!
12-19-2016 05:40 AM
Oh, thanks for giving it a go. Good on you.
That is a good command if I want my session to last 1 minute in total time period. But, alas, I want the authentication time period to last less than 1 minute. Not the actual session.