Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
15058
Views
1
Helpful
6
Replies

How to clear disconnected SSH Sessions ACS Server

Go to solution
cybrsage
Level 1
Level 1

‎06-12-2017 07:38 AM - edited ‎02-21-2020 10:32 AM

My secondary ACS server shows me an ever growing list of disconnected sessions when I log into it.  The list starts with the following message:

Following disconnected ssh sessions are available to resume.

I would like to ensure all disconnected sessions are closed immediately (or as soon as possible) after the user disconnects.  Some of these sessions are months old.  How do I go about doing this?

Thanks!

The ACS Server is Linux Based, here is the show ver:

show ver

Cisco Application Deployment Engine OS Release: 2.2
ADE-OS Build Version: 2.2.3.002
ADE-OS System Architecture: x86_64

Copyright (c) 2005-2015 by Cisco Systems, Inc.
All rights reserved.
Hostname: SECONDARY


Version information of installed applications
---------------------------------------------


Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.8.1.4
Internal Build ID : B.462

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
dperezoquendo
Level 1
Level 1

‎06-13-2017 02:09 PM

Hello,

I believe you can clear sessions by doing the following:

sh users

forceout <username>

You should also be able to set a timeout with terminal session-timeout ## command.

View solution in original post

Go to solution
dperezoquendo
Level 1
Level 1
In response to cybrsage

‎06-15-2017 07:55 AM

Hmm, that's interesting. You might have to restart ACS if your able. The timeout sessions should be able to prevent this from happening again.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
dperezoquendo
Level 1
Level 1

‎06-13-2017 02:09 PM

Hello,

I believe you can clear sessions by doing the following:

sh users

forceout <username>

You should also be able to set a timeout with terminal session-timeout ## command.

Go to solution
cybrsage
Level 1
Level 1
In response to dperezoquendo

‎06-14-2017 11:12 AM

One of my users is user - with a few dozen disconnected sessions.  Forceout user does not close the disconnected sessions.  Same with admin.

I cannot use the terminal session-timeout command, it is not a known command.

EDIT:  The command does exist, it is just not in the config t portion, but in the main enable portion instead, oddly enough.  I am adding in a 60 min timeout.

0 Helpful

Go to solution
dperezoquendo
Level 1
Level 1
In response to cybrsage

‎06-15-2017 07:55 AM

Hmm, that's interesting. You might have to restart ACS if your able. The timeout sessions should be able to prevent this from happening again.

0 Helpful

Go to solution
cybrsage
Level 1
Level 1
In response to dperezoquendo

‎06-15-2017 07:54 PM

The timeout-sessions does not show in the config anywhere, though it accepted the command readily enough.  I rebooted and all the sessions are gone.  I will have to see if they return.

Thanks for the help so far!!

0 Helpful

Go to solution
Martin Pritchard
Level 1
Level 1
In response to dperezoquendo

‎03-08-2024 04:29 AM

The forceout command also works on ISE 2.7, I had a stuck tail session and the 30 minute timeout wasn't kicking it.  forceout did the trick, thank you

0 Helpful

Go to solution
cybrsage
Level 1
Level 1

‎06-26-2017 12:31 PM

It has stayed cleared since the last reload of the box.  I believe it was adding the terminal session-timeout 60 command and saving the config, then doing a reload that fixed it.

Thank you VERY much!!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents