Configuring the Login Authentication Timeout for CLI

Background

It may be necessary to increase the login authentication timeout for a CLI connection.

For example, if a RADIUS user connects to the command line on the Gaia operating system, the authentication timeout in an SSH or Console session may expire before the RADIUS authentication completes.

Important - These timeouts apply to the operating system and not to individual users.

Configuring Login Authentication Timeout for SSH

Important:

  • On Scalable Platforms (ElasticXL, Maestro, and Chassis), you must run the applicable commands in Gaia gClish of the applicable Security Group.

  • After you add, configure, or delete features, run the "save config" command to save the settings permanently. Scalable Platforms save the changes automatically.

The default login authentication timeout in SSH is 120 seconds.

Step

Instructions

1

Connect to the command line on the Gaia server.

2

Log in to Gaia Clish.

3

Examine the current timeout value:

show ssh server login-grace-time

If the output shows "undefined", it means an administrator did not configure a value explicitly, and the Gaia OS uses the default timeout value.

4

Configure the required timeout value in seconds:

show ssh server login-grace-time {0 | <1-240>}

The value 0 removes the previously configured limit.

Configuring Login Authentication Timeout for Console

The default login authentication timeout in console is 60 seconds.

Step

Instructions

1

Connect to the command line on the Gaia server.

2

Log in to the Expert mode.

3

Back up the current file:

  • On a Security Gateway / Cluster Member / Management Server / Log Server:

    cp -v /etc/login.defs{,_BKP}

  • On a Scalable Platform Security Group:

    g_all cp -v /etc/login.defs{,_BKP}

4

Edit the current file:

vi /etc/login.defs

5

At the bottom of the file, add these lines:

# Authentication Timeout for Console

LOGIN_TIMEOUT <Value in Seconds>

Example for 30 seconds:

LOGIN_TIMEOUT 30

6

Save the changes in the file and exit the editor.

7

On a Scalable Platform Security Group, copy the modified file to all Security Group Members:

asg_cp2blades /etc/login.defs

Notes:

  • This change applies immediately.

    The next login over the console connection will use the new authentication timeout.

  • For more information about the "/etc/login.defs" file, see the Linux MAN page for "login.defs(5)".