Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8404
Views
2
Helpful
4
Replies

SSH timeout in FTD

hkchoudhary
Level 1
Level 1

‎12-04-2019 07:30 AM - edited ‎02-21-2020 09:44 AM

Hi Team,

I am trying to configure the SSH timeout for FTD. I see an option of Console Timeout under Device-->Platform Setting-->Timeout(Global). Is SSH and Console timeout in FTD are same? Also, I did the set 6 min as console output and did a save and deploy but if I run a command show running-config console timeout I still see 0 here, am I missing anything in there. 

Labels:
0 Helpful
4 Replies 4

nspasov
Cisco Employee
Cisco Employee

‎12-04-2019 10:39 PM - edited ‎12-04-2019 10:39 PM

Hi there-

SSH Timeouts are configured in:

Devices > Platform Settings > Secure Shell

Console Timeouts are configured in:

Devices > Platform Settings > Timeouts > Console Timeout

To verify the console timeouts, you will need to connect to the FXOS CLI since FXOS where the console "lives." This can vary based on the hardware that you are using. For instance, for Firepower 1K/2K you can verify this by:

Connecting to the console port (Or SSH to the box and then issue "connect FXOS") > scope security > scope default-auth > show detail

I hope this helps!

Thank you for rating helpful posts!

hkchoudhary
Level 1
Level 1
In response to nspasov

‎12-05-2019 12:50 AM

Hi @nspasov,

Thank you for the quick response. I have an ASA Series device so I am unable to run connect command from FTD CLI. Below are the details for my VM :
Model: Cisco Firepower Threat Defense for VMWare (75) Version 6.2.3 (Build 20)

Cisco Adaptive Security Appliance Software Version 9.9(1)52
Firepower Extensible Operating System Version 2.3(1.54)

Hardware: ASAv, 8192 MB RAM, CPU Xeon E5 series 2197 MHz, 1 CPU (4 cores)
Model Id: ASAv30
Also while configuring SSH timeout if I navigate to Devices > Platform Settings > Secure Shell, I only see the option to add an SSH host, I don't see the option to select the SSH version or timeout as shown below :
FMC_SSH_Timeout.JPG
For Console timeout, I configured it via Devices > Platform Settings > Timeouts > Console Timeout, but if I am trying to see the console output in the FTD CLI, I still se 0 in the running-config as shown below :
Console_Timeout.JPG

0 Helpful

hkchoudhary
Level 1
Level 1
In response to hkchoudhary

‎12-09-2019 04:52 AM

Hi Team,

Any update will be really appreciated.

0 Helpful

SaisPas
Level 1
Level 1
In response to hkchoudhary

‎01-20-2020 06:19 PM

Excerpt from a ticket on a similar issue, may be relevant:

 

 

Problem Description: As per the case notes, Altering console timeout value via FMC does not change Lina configuration.

 

Action Plan:

  • As per the case notes, you altered the timeout value via FMC to 10 minutes and it’s not showing up in the LINA configuration.
  • I have found a BUG which is a cosmetic bug related to this exact scenario.
  • Bug ID: CSCvo35782
  • Here is the link to refer above BUG ID:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo35782/?rfs=iqvred

 

  • Symptom:
    Console timeout value altered from default infinite (e.g. 0) to a different value. The running configuration of Lina will show that the value is still set at 0. This is a cosmetic issue and the true value from which console timeout is getting invoked is under /etc/sf/clish_attributes.conf (example below):

    Changed timeout value to 10 minutes
    =======================

    FTD# sh run | i console
    console timeout 0

    root@FTD:/home/admin# cat /etc/sf/clish_attributes.conf
    INACTIVITY_TIMEOUT=600
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card