cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2849
Views
10
Helpful
10
Replies

Disable Cisco IOS XR timeout of ssh sessions due to inactivity

davehouser1
Level 1
Level 1

First of all here is the systems info:

#do show version
Wed Dec 21 04:05:27.344 UTC
Cisco IOS XR Software, Version 7.4.16
Copyright (c) 2013-2021 by Cisco Systems, Inc.

Build Information:
 Built By     : ingunawa
 Built On     : Mon Nov 29 03:56:27 PST 2021
 Built Host   : iox-ucs-069
 Workspace    : /auto/srcarchive17/prod/7.4.16/iosxrwbd/ws
 Version      : 7.4.16
 Location     : /opt/cisco/XR/packages/
 Label        : 7.4.16

S9700-53DX-R8 () processor
System uptime is 9 weeks 17 hours 32 minutes

I want ssh sessions to never timeout. How do I do this? I tried disabling `no ssh timeout` but that did not help. The session will end if there is inactivity. How do I prevent this for SSH?

10 Replies 10

absolute-timeout minutes <<<- make this timeout long enough.
Terminal Services Commands on Cisco IOS XR Software - Cisco

@MHM Cisco World 

Thanks! Note I had to use the following parent setting first:

line default
 absolute-timeout 2880


But this worked! Thank you. 
Source: https://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.7/system_management/command/reference/yr37term.html

you are so welcome 

@MHM Cisco World I think I spoke too soon. I still get kicked off Is there something else that would cause the SSH sessions to end?

are you using AAA for auth the SSH connection ?

I am not sure. We are using TACACS+ to login. 

then the timeout must set in TACACS+ server, where the session timeout is send back to Router as attribute, and router use it. 

Sorry for delay in reply, busy with holidays. 
Ok so I found out we are using tac_plus off a linux box. I see no timeout setting set in our conf file. However that does not mean that timeout dose not have a default value. I tried setting `default timeout = 0` and `timeout = 0` under the group names, however the service will not start if I do that. The documentation for tac_plus is not very helpful either. I also enabled debug and watched the logs, nothing comes up in syslog. There is an accounting folder, but tac_plus refuses to create any accounting logs. I assume there is some setting I need to set in the Cisco to enable this possibly? not clear on this either. 
Has anyone use this service before? Can I get some help / example config files to set the timeout value? Also if the timeout is set to 0 by default, then why does the remote session (the router) keep disconnecting after so many min of inactivity? 

Any update on this? Anyone have any experience working with tac_plus? 

I figured it out!
It was not tacacs+ (tac_plus) setting, but ios xr settings. It was the following settings applied to each Cisco IOS XR router:

line default exec-timeout 0 0
line default absolute-timeout 0
line default session-timeout 0

Source: https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/sysman/63x/b-system-management-cg-ncs5500-63x/b-system-management-cg-ncs5500-63x_chapter_0110.html 

Just a note, I did find the documentation for tac_plus, posting it here because it was hard to find.
The commands that could be used are not clear to me because none of them a difference. It seems I need AAA 11.0 to use them, but I am not sure how to check how to do this in cisco IOS XR. Either way I dont care, the manual approach works for me. 

Source: https://www.pro-bono-publico.de/projects/tac_plus.html#AEN233