ArubaOS and Controllers

Reply
Occasional Contributor II
Posts: 17
Registered: ‎08-05-2009

SSH Timeout and SSH Login Attempts

Good afternoon,

I am looking through all docs, etc to find out if it's possible to set timeout and login attempts for SSH on the Aruba controllers. This is a requirement we have to set but I can't find documentation that states it does this...so my guess is it does not?

Maybe someone has run across this?

Timeout
The system administrator will ensure SSH timeout value is set to 60 seconds or less, causing incomplete SSH connections to shut down after 60 seconds or less.

Login Attempts
The system administrator will ensure the maximum number of unsuccessful SSH login attempts is set to three, locking access to the network device.


Thank You,
Adriana

Code: ArubaOS 3.3.2.11
and
Code: ArubaOS 3.3.2.18-rn-3.1.4
Aruba Employee
Posts: 455
Registered: ‎04-02-2007

Re: SSH Timeout and SSH Login Attempts

Hi Adriana,

I don't think the first one is configurable if you're talking about something such as I start an SSH session and just leave the session hanging without authenticating. The session will timeout but I don't believe you can configure that value, it's part of the system. You can set a CLI idle value for authenticated sessions, but it has a minimum of 5 minutes.

The second part can be configured as part of the management user password policy. It can be set to a value between 0 (disabled) and 10, and can be locked out from 1min to 24hrs. In the AOS 5.0 user guide the configuration of this policy starts on page 522. Here is the CLI:

aaa password-policy mgmt
password-lock-out
password-lock-out-time


-awl
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
Occasional Contributor II
Posts: 17
Registered: ‎08-05-2009

Re: SSH Timeout and SSH Login Attempts

Thanks a bunch for the information

Worked like a charm when I upgraded to the new 5.0 since the version I had didn't support that command.

As for the SSH timeout, I guess any SSH connection times out after 30 seconds if the user does not enter in a password and this cannot be controlled by the Aruba device.

Thanks!
Aruba Employee
Posts: 455
Registered: ‎04-02-2007

Re: SSH Timeout and SSH Login Attempts

Hi Adriana,

Yes, the controller will disconnect the session after 30 seconds if nothing is seen from the client. I don't believe you can set this timer right now.

-awl
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
Search Airheads
Showing results for 
Search instead for 
Did you mean: