EasyManuals Logo
Home>Cisco>Network Router>ASR 5500

Cisco ASR 5500 User Manual

Cisco ASR 5500
508 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #67 background imageLoading...
Page #67 background image
For StarOS release 21.0 onwards, a user cannot access the /flash directory if the user logs in from a
non-local context.
Important
Secure Session Logout
When StarOS is disconnected from an SSH client, the default behavior has sshd terminate the CLI or SFTP
session in about 45 seconds (using default parameters). Two SSH Configuration mode CLI commands allow
you to disable or modify this default sshd disconnect behavior.
For higher security, Cisco recommends at least a client-alive-countmax of 2 and client-alive-interval of
5. Smaller session logout values may lead to occasional ssh session logouts. Adjust values to balance
security and user friendliness.
Important
The client-active-countmax command sets the number of client-alive messages which may be sent without
sshd receiving any messages back from the SSH client (default =3). If this threshold is reached while the
client-alive messages are being sent, sshd disconnects the SSH client thus terminating the session.
The client-alive-interval command sets a timeout interval in seconds (default = 15) after which if no data
has been received from the SSH client, sshd sends a message through the encrypted channel to request a
response from the client. The number of times that the message is sent is determined by the
client-alive-countmax parameter. The approximate amount of time before sshd disconnects an SSH client
disconnect = client-alive-countmax X client-alive-interval.
The client-alive mechanism is valuable when the client or server depend on knowing when a connection has
become inactive.
The client-alive messages are sent through the encrypted channel and, therefore, are not spoofable.Important
These parameter apply to SSH protocol version 2 only.Important
Changing Default sshd Secure Session Logout Parameters
The following command sequence modifies the default settings for the ClientAliveCountmax (default = 3)
and ClientAliveInterval (default = 15 seconds) parameters.
Step 1
Enter the context configuration mode.
[local]host_name# configure
Step 2
Go to the SSH Configuration mode.
[local]host_name(config)# context context_name
ASR 5500 System Administration Guide, StarOS Release 21.4
35
Getting Started
Secure Session Logout

Table of Contents

Other manuals for Cisco ASR 5500

Preview: System Administration Guide
System Administration Guide430 pages
Preview: Installation Guide
Installation Guide192 pages
Preview: Installation Procedure Overview
Installation Procedure Overview6 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASR 5500 and is the answer not in the manual?

Cisco ASR 5500 Specifications

General IconGeneral
BrandCisco
ModelASR 5500
CategoryNetwork Router
LanguageEnglish

Related product manuals