Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Change SSH Timeout on ArubaOS Version 6.4.3.7

  • 1.  Change SSH Timeout on ArubaOS Version 6.4.3.7

    Posted Oct 07, 2016 06:53 AM

    Hi,

     

    I am using "Air recorder" to gather health state information about our Aruba environment in a scheduled tasks. - It works in general, but sometimes I cannot access via SSH.

     

    I see that the account I am using is already occupying a couple of SSH processes although I already got what I need from "Air recorder".

     

    (aruba04) #show processes | Include ssh
     0.0 S  4445  3707   9984  6592 4   0 May21 00:00:00 2b079cc8 /etc/ssh/sshd -D -f /etc/ssh/sshd_config
     0.0 S 26098  4445  10240  6976 4   0 11:56 00:00:00 2b079cc8 sshd: arubamonitor@pts/0
     0.0 S 26756  4445  10240  6912 4   0 11:58 00:00:00 2b079cc8 sshd: superadmin@pts/0
     0.0 S 26836 26756   3392  1408 4   0 11:58 00:00:00 2abc9cc8 -sshwrap

    (aruba04) #show clock
    Fri Oct  7 12:02:55 MESZ 2016

    (aruba04) #show running-config
    Building Configuration...

    version 6.4
    enable secret "******"
    loginsession timeout 1
    hostname "aruba04"


    Session Table
    -------------
    ID  User Name   User Role  Connection From  Idle Time  Session Time
    --  ---------   ---------  ---------------  ---------  ------------
    1   superadmin  root       172.19.18.77     00:00:00   00:05:53

     

    I changed the loginsession timeout to 1 and this also works, but still I can see the processes.

     

    The "Air recorder" is started with these paramters:

    --no-local-timing -t 60 --quit-after 60 

     

     

    Is it possible to set the SSH timeout directly? If yes, please tell me how.

     

    Thanks in advance

     

     

    Ruben

     



  • 2.  RE: Change SSH Timeout on ArubaOS Version 6.4.3.7

    Posted Oct 07, 2016 07:08 AM

    Hi Ruben,

    which version of AirRecorder are you using?

    Also is there is a reason why you use -quit-after 60?

    (AirRecorder exits automatically when there are no more commands to execute)

    Are all AirRecorder processes gone? It could be that there is still some running which could explain why you see a connection on the controller.

    Normally "loginsession timeout 1" would terminate idle sessions.

    Thanks,

    -Thomas

     



  • 3.  RE: Change SSH Timeout on ArubaOS Version 6.4.3.7

    Posted Oct 07, 2016 09:29 AM

    Hi Thomas,

     

    I am using "AirRecorder-1.3.14-release.jar". - Is this the most current version?

     

    Reason for timeout and quit-after is just having a try after experiencing that the SSH processes still keep alive for certain time.- No difference if I add those two parameters or not.

     

    AirRecorder already finished it work and I can find the file containing the expected result.

     

    Input file is just one line "0, show switches all", then after a short while I connect again and run again with another input file containing "0, show ap database"; that's it.

     

    Kind regards

     

     

    Ruben



  • 4.  RE: Change SSH Timeout on ArubaOS Version 6.4.3.7

    Posted Oct 07, 2016 10:12 AM

    Hi Ruben,

    1.4.2 is the latest and has been recently uploaded to the support site under Tools & Resources. You might want to try it out since it has an updated SSH library version.

    With the commands you listed, -quit-after is not needed indeed.

    Hope this helps,

    -Thomas



  • 5.  RE: Change SSH Timeout on ArubaOS Version 6.4.3.7

    Posted Oct 07, 2016 06:18 PM

    Hi Thomas,

     

    I will contact our vendor to get the newest version. - Will let you know about my testing result :-)

     

    Thanks so far

     

    Ruben



  • 6.  RE: Change SSH Timeout on ArubaOS Version 6.4.3.7

    Posted Oct 17, 2016 12:59 AM

    Hi Thomas,

     

    I tried the latest version. The behavior keeps same; after 10 minutes the SSH process under which my query was performed still shows up.
    The loginsession  are fine after the adjusted timeout of 1 minute.

    However I workaround the problem by changing my script a little.

     

    Thanks for your support.

     

     

    Ruben



  • 7.  RE: Change SSH Timeout on ArubaOS Version 6.4.3.7

    Posted Oct 17, 2016 07:54 AM

    Thanks Ruben. Appreciate the feedback. I will work on trying to reproduce this on my lab setup.

    -Thomas



  • 8.  RE: Change SSH Timeout on ArubaOS Version 6.4.3.7

    Posted Nov 17, 2016 08:46 PM

    Hi Thomas,

     

    hope you are doing fine. - Do you have some news about my problem?

     

    We are extending our Aruba infrastructure currently so this topic is becoming interesting again.

     

    Thank you very much

     

     

    Ruben

     



  • 9.  RE: Change SSH Timeout on ArubaOS Version 6.4.3.7

    Posted Nov 18, 2016 12:52 PM

    Hi Ruben,

    I tried reproducing this with my 3200XM running 6.4.3.7 without luck. I tested the cases where I:

    - terminate AirRecorder with CTRL-C

    - kill the process with kill -9

    - with -quit-after specified

    In all 3 cases, the loginsession disappears quickly from the controller.

    I am running on MacOS with Java version "1.8.0_92"

    Which OS are you running AirRecorder on? And which java version?

    Thanks,

    -Thomas



  • 10.  RE: Change SSH Timeout on ArubaOS Version 6.4.3.7

    Posted Nov 20, 2016 10:07 PM

    Hi Thomas,

     

    I am running the AirRecorder on Windows 7 and also on a Windows Server 2008 R2. I tried with version jdk1.6.0_45 and version jre1.8.0_102 both with same effects.

     

    You are right, the loginsessions disappear quickly, hover the inidividual- processes keep for 15 minutes around when I check it with: 'show processes | include ssh'

     

    After connecting a few times I cannot login anymore and need to wait until the login-session-processes disappear. - That takes usually thant 15 minutes, no mater what I previoulsy configured.

     

    Hope that describes my problem better :-)

     

    Kind regards

     

     

    Ruben