SSH only one person at a time

Mustafa Habibi · ‎12-05-2016

Dears in support

Currently more than one person can ssh to cisco devices simultaneously, how can i restrict to only one person at a time for login.

Regards

Mark Malone · ‎12-06-2016

You can have up to over a thousand vty lines in theory on some devices for remote access , you cant close them but you could restrict the ssh access to 1 ip only but you cant stop multiple users logging in at same time that have privilege to do so when lines are open in show users , there is no way to prevent that apart from locking to 1 ip address unless you can find a way to jam up all your vty lines so only 1 is left open , there is no ssh restriction command like that available in IOS anyway

other option setup archiving so you can see exactly what there running when there in the devices

(config)#line vty ?
<0-1509> First Line number

Mustafa Habibi · ‎12-06-2016

Dear Mark

Thanks for your reply. for more clarification we have 3 person with 3 ip which are allow for accessing ssh the devices(ACL). we can login to same device all 3 person simultaneously from our ip. what we want is that if any one is login to device the 2nd person should be unable to ssh to same device.

Regards

Mark Malone · ‎12-06-2016

The only way I could think you might get that to work is some kind of EEM script that comes into effect after first user has logged in , you cant do that through normal Cisco configuration ,once access is allowed and lines are available the user will still be able to get access

Milos Megis · ‎12-06-2016

Hello,
just configure LINE VTY 0 as you want, and LINE VTY 1 15 with command TRANSPORT INPUT NONE