12-21-2022 04:32 AM
First of all here is the systems info:
#do show version
Wed Dec 21 04:05:27.344 UTC
Cisco IOS XR Software, Version 7.4.16
Copyright (c) 2013-2021 by Cisco Systems, Inc.
Build Information:
Built By : ingunawa
Built On : Mon Nov 29 03:56:27 PST 2021
Built Host : iox-ucs-069
Workspace : /auto/srcarchive17/prod/7.4.16/iosxrwbd/ws
Version : 7.4.16
Location : /opt/cisco/XR/packages/
Label : 7.4.16
S9700-53DX-R8 () processor
System uptime is 9 weeks 17 hours 32 minutes
I want ssh sessions to never timeout. How do I do this? I tried disabling `no ssh timeout` but that did not help. The session will end if there is inactivity. How do I prevent this for SSH?
12-21-2022 06:02 AM
absolute-timeout minutes <<<- make this timeout long enough.
Terminal Services Commands on Cisco IOS XR Software - Cisco
12-21-2022 12:18 PM
@MHM Cisco World
Thanks! Note I had to use the following parent setting first:
line default
absolute-timeout 2880
But this worked! Thank you.
Source: https://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.7/system_management/command/reference/yr37term.html
12-21-2022 12:27 PM
you are so welcome
12-21-2022 12:45 PM
@MHM Cisco World I think I spoke too soon. I still get kicked off
12-21-2022 12:47 PM
are you using AAA for auth the SSH connection ?
12-22-2022 08:39 AM
I am not sure. We are using TACACS+ to login.
12-22-2022 09:12 AM
then the timeout must set in TACACS+ server, where the session timeout is send back to Router as attribute, and router use it.
01-03-2023 07:46 AM
Sorry for delay in reply, busy with holidays.
Ok so I found out we are using tac_plus off a linux box. I see no timeout setting set in our conf file. However that does not mean that timeout dose not have a default value. I tried setting `default timeout = 0` and `timeout = 0` under the group names, however the service will not start if I do that. The documentation for tac_plus is not very helpful either. I also enabled debug and watched the logs, nothing comes up in syslog. There is an accounting folder, but tac_plus refuses to create any accounting logs. I assume there is some setting I need to set in the Cisco to enable this possibly? not clear on this either.
Has anyone use this service before? Can I get some help / example config files to set the timeout value? Also if the timeout is set to 0 by default, then why does the remote session (the router) keep disconnecting after so many min of inactivity?
01-09-2023 07:36 AM
Any update on this? Anyone have any experience working with tac_plus?
03-08-2023 05:21 AM
I figured it out!
It was not tacacs+ (tac_plus) setting, but ios xr settings. It was the following settings applied to each Cisco IOS XR router:
line default exec-timeout 0 0
line default absolute-timeout 0
line default session-timeout 0
Source: https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/sysman/63x/b-system-management-cg-ncs5500-63x/b-system-management-cg-ncs5500-63x_chapter_0110.html
Just a note, I did find the documentation for tac_plus, posting it here because it was hard to find.
The commands that could be used are not clear to me because none of them a difference. It seems I need AAA 11.0 to use them, but I am not sure how to check how to do this in cisco IOS XR. Either way I dont care, the manual approach works for me.
Source: https://www.pro-bono-publico.de/projects/tac_plus.html#AEN233
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide