Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides
https://forum.ivorde.com/

Junos: How to disconnect idle ssh connections in configuration mode - Juniper SRX
https://forum.ivorde.com/junos-how-to-disconnect-idle-ssh-connections-in-configuration-mode-juniper-srx-t14151.html
Page 1 of 1

Author:  mandrei99 [ Tue May 14, 2013 5:40 am ]
Post subject:  Junos: How to disconnect idle ssh connections in configuration mode - Juniper SRX

Ever saw multiple users connections becoming stale (connection reset at client edge most often) like below:

Code:
Somebody@carter> configure   
Entering configuration mode
Users currently editing the configuration:
  Somebody terminal p0 (pid 8505) on since 2013-04-24 14:27:29 UTC, idle 2w5d 19:02
      [edit]
  Somebody terminal p1 (pid 8524) on since 2013-04-24 14:28:01 UTC, idle 2w5d 19:01
      [edit]
  Somebody terminal p2 (pid 58926) on since 2013-05-14 08:12:42 UTC, idle 01:13:58
      [edit]


This can happen when users close their terminal putty/SecureCRT windows without logging out of Junos or when their connection becomes idle and a firewall on the way resets the session.

There are two ways to address this:
1. activate keepalive for ssh in Junos:
Code:
Somebody@carter# show system services ssh
root-login deny-password;
protocol-version v2;
client-alive-count-max 5;
client-alive-interval 120;

The above settings speak for them selves

and second option is to disconnect/logout idle users in Junos "configuration" mode:
Code:
[edit]
Somebody@carter# status   
Users currently editing the configuration:
  Somebody terminal p1 (pid 58995) on since 2013-05-14 09:30:13 UTC
      [edit]
  Somebody terminal p0 (pid 59294) on since 2013-05-14 09:35:57 UTC
      [edit security]
Somebody@carter# run request system logout pid 59294

One needs to pay attention here not to kill own shell. In my case, current configuration was under "[edit]" and the killed session was under "[edit security]" (Yes, it's an SRX :D).

Page 1 of 1 All times are UTC - 5 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/