SRX

last person joined: 15 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Console/vty login session inactivity timeout

    Posted 06-04-2012 11:55

    Does anyone know the Console/vty login session inactivity timeout by default at SRX650? How to configure it? thanks.

     

    YL



  • 2.  RE: Console/vty login session inactivity timeout

    Posted 06-04-2012 20:48

    Hi ,

     

    From KB20967 :

     

    The device never automatically disconnects the management users; this is the default behavior of the SRX and J-series. This is because the idle timeout is disabled by default.

    To validate the current setting, use the following command :
    root@juniper>show cli
    CLI complete-on-space set to on
    CLI idle-timeout disabled

    If you want the users to disconnect after some time, configure the idle timeout according to your requirements using the following command:

    root@juniper> set cli idle-timeout ?
    Possible completions:
    <timeout> Maximum idle time (0..100000 minutes)

    Use the command show cli to validate the setting.

    Example:
    In this example the idle timeout is set to 60 minutes.
    root@juniper> set cli idle-timeout 60
    Idle timeout set to 60 minutes

    root@juniper> show cli
    CLI complete-on-space set to on
    CLI idle-timeout set to 60 minutes

    root@juniper% exit

    When you login to the device you will see the idle-time is disabled.

    root@juniper> run show cli
    CLI complete-on-space set to on
    CLI idle-timeout disabled

    NOTE: These changes are lost after a reboot OR when the user that has configured the same logs out. 


    If you want the users to logout on their own and have the changes saved after a reboot, create a custom class and call the idle-timeout in that class.

    Example:
    [edit system login]
    root# show
    class test {
        idle-timeout 1;
        permissions all;
    }
    user user {
        uid 2006;
        class test;
        authentication {
            encrypted-password "$1$ZBez9s7.$cR93T3DyYcrBXwPQ.2XNe1"; ## SECRET-DATA
        }
    }

    When you login as user, you will always see the idle timeout as 1 min.
    user@juniper> show cli
    CLI complete-on-space set to on
    CLI idle-timeout set to 1 minute


  • 3.  RE: Console/vty login session inactivity timeout

    Posted 06-05-2012 10:57

    thanks Pradeep.

     

    YL



  • 4.  RE: Console/vty login session inactivity timeout

    Posted 04-28-2018 10:04

    Hi 

    I have configured 10+ local users in my device as "super-user"

     

    If I want to set cli idle timeout to 10mins to all the user then I should create another user class called "super-class-local", define idle-timeout session to 10 then I should set persmission to "all" ...

     

    If I do this then  "super-class-local"  classwill be equivalent to "super-class" class ??? The users operation/function will not be affected right ?



  • 5.  RE: Console/vty login session inactivity timeout

    Posted 12-05-2019 07:51

    Correct..

     

    I can confirm this as I've just deployed it.

     

    If one of the users is the user you are using to make this change, you'll obviously have to log out and log back in again for the new changes to take effect.

     

    Keep a local admin user in the `super-user` group though, just incase.