Re: ssh session ends after 15min

Sudqi · ‎07-14-2022

Hello Experts,

I have a catalyst switch connected to cisco ISE, the ssh session ends after 15 min and we should log in by ssh again,

note that we tried to change the time under line vty but it does not work, it seems something must be changed in cisco ISE

Can anyone advise?

thank you

MHM Cisco World · ‎07-14-2022

change the time under VTY ? which time you change ? if it idle or absolute timeout you change ?

Sudqi · ‎07-17-2022

Hello Dear MHM,

I use the exec-timeout configuration under line vty as below

line vty 0 4
exec-timeout 0 0

but unfortunately, still the time out 15 min, I think we must change something in the ISE, or anything else

Timeouts: Idle EXEC Idle Session Modem Answer Session Dispatch
00:15:00 00:15:00 00:15:02 not set

Thnaks

Georg Pauwen · ‎07-17-2022

Hello,

as far as I recall, the command 'terminal session-timeout <minutes>" is available from the CLI...that should affect the SSH timeout.

Sudqi · ‎07-17-2022

Hi Georg,

no, this command is not supported on my devices

Thanks

Georg Pauwen · ‎07-17-2022

Hello,

I am pretty sure that it has to do with the session timeout settings. What about configuring this under the vty lines ?

session-timeout 300

Sudqi · ‎07-17-2022

Yes, you are right, this command session-timeout 0 should extend the vty session, but when I type it seems that the device takes the order, but when we check, the command does not exist under vty, I think ISE trigger something missed

paul driver · ‎07-17-2022

Hello
Usually session-timeout default to 30 mins, if you are not seeing this when you assign it to the vty lines then it could be down to your user role privilege access

show privilege

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Sudqi · ‎07-17-2022

Hi Paul,

Thanks for your reply, yes the privilege is 15, and the session-timeout is 15 min (not the default)

Tagir Temirgaliyev · ‎07-17-2022

pls share output - sh runn all | i session-timeout

Sudqi · ‎07-17-2022

Hi Tagir,

nothing found under this command

MHM Cisco World · ‎07-17-2022

there are timeout
exec-timeout
absolute-timeout

you config the exec-timeout BUT if it long than absolute-timeout then the session will terminate before the exec-timeout.
how can I solve this
config absolute-timeout <please here dont config it as infinity, because it will hang your VTY line forever and you need to reboot in some time to release the line>
so start config is with 1 hour and then increase it whenever you want.
NOTE:- it better to config also exec-timeout <less than absolute-timeout> to kill session when it idle for long time.

Sudqi · ‎07-17-2022

Hi MHM,

Please note that we can't configure the absolute-timeout, also we need to make the ssh session as infinity

MHM Cisco World · ‎07-18-2022

OK I get your point,
there are two command
show line vty <x>
show terminal

to make sure that the issue from ISE not from SW or bug,
please console to SW change the timeout the do
show line vty <x>
if you see the timeout is change then
ssh to switch
show terminal
if you see the timeout is 00 15 00 then the issue is ISE timeout is override the config value.

Sudqi · ‎07-19-2022

Hello MHM,

Yes, the time is still 15min after trying to change it under the line VTY, also the command session-timeout under the line vty doesn't remain after writing it, so yes this is the most probable issue, but we need to know where to check from ISE side

Thank You