Disconnect telnet session

sama

25 posts

4 Feb 2010 at 8:13 a.m. UTC

Hello

How could I ( as a network admin ) disconnect a user who is in a telnet or ssh session to a router? could I telnet To that router & use the command #show user & then #disconnect ?

In the " how the community lab work" document, Stretch mention that the cron task issues a command via ssh to the console server, telling it to disconnect any telnet/ssh sessions from the user that his/her reservation is expired & still open.

But in my case, I don't have a console server, so what is the solution??

scarface

23 posts

4 Feb 2010 at 11:02 a.m. UTC

Type who or sh user

Look at the vty line and then type clear line "number"

sama

25 posts

4 Feb 2010 at 10:19 p.m. UTC

Hello scarface

This is a note from a cisco document:

The clear line vty n command, where n is the connection number displayed in the show ip ssh command output, may be used instead of the disconnect ssh command. When the EXEC connection ends, whether normally or abnormally, the SSH connection also ends.

I read about what you said. it is so helpful.. I need to test it.. but the command who, I should Google about it..

Thanks

sama

25 posts

4 Feb 2010 at 10:29 p.m. UTC

After Googling!!!

The kill command terminates a Telnet session. Use the who command to view the Telnet session ID value. When you kill a Telnet session, the PIX Firewall lets any active commands terminate and then drops the connection without warning the user. The kill command does not affect PIX Firewall Manager sessions.

The cisco document mentioned that the kill command is PIX Firewall command. is it mean that I can't use it in a router??

Thanks scarface..

ju1ce

8 posts

5 Feb 2010 at 12:41 a.m. UTC

(* was my active session)

R01#who

Line User Host(s) Idle Location

*514 vty 0 cisco idle 00:00:00 10.X.X.X

515 vty 1 cisco idle 00:00:04 10.X.X.X

Interface User Mode Idle Peer Address

R01#clear line vty 1

[confirm]

[OK]

R01#

R01#who

Line User Host(s) Idle Location

*514 vty 0 cisco idle 00:00:00 10.X.X.X

Interface User Mode Idle Peer Address

R01#

The following would work too..

R01#clear line 515

[confirm]

[OK]

R01#

R01#who

Line User Host(s) Idle Location

*514 vty 0 cisco idle 00:00:00 10.X.X.X

Interface User Mode Idle Peer Address

R01#

sama

25 posts

5 Feb 2010 at 7:24 a.m. UTC

Hello Ju1ce Thanks a lot for your clarifications. Now I can imagine the whole matter..Thanks a lot..

paulezasx

4 posts

5 Nov 2011 at 12:43 p.m. UTC

Hi.

I have an access server with 4 routers 4 switches.

When we are using lab, 4-5 people at the same time, then we need to use " clear line x" command everytime we want to use the device, because other people session is still active, even if they are on other device!

How can be line cleared automatically , when user uses ctrl-shift-6 , x , command?

Because if we jump from Router to the Access Server, and jump to the switch then, our Router session is still active, and other people need to clear that line if they want to connect :(

Have anybody any ideas?

paulezasx

4 posts

14 Nov 2011 at 8:06 a.m. UTC

no one knows?....

dnewstat

35 posts

14 Nov 2011 at 3:36 p.m. UTC

Line vty 0 4
1)exec-timeout 5 0
2)logout-warning 60
3)absolute-timeout 15

1) telnet session will be disconnected after 5 min of inactivity)
2)60 sec before automatically logging off router will send warning message to user to save config
3)after 15 min router will disconnect telnet session

paulezasx

4 posts

14 Nov 2011 at 5:13 p.m. UTC

Thank you Dnewstat!

Do you know, how I can restrict, to use commands like erase flash/ delete.../ debug all on my devices?

paulezasx

4 posts

14 Nov 2011 at 5:15 p.m. UTC

Thank you Dnewstat!

Do you know, how I can restrict, to use commands like erase flash/ delete.../ debug all on my devices?

dnewstat

35 posts

14 Nov 2011 at 6:35 p.m. UTC

I haven't done this, but I think you would have to set up Radius authentication and TACACS+

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml

sama 25 posts	4 Feb 2010 at 8:13 a.m. UTC Hello How could I ( as a network admin ) disconnect a user who is in a telnet or ssh session to a router? could I telnet To that router & use the command #show user & then #disconnect ? In the " how the community lab work" document, Stretch mention that the cron task issues a command via ssh to the console server, telling it to disconnect any telnet/ssh sessions from the user that his/her reservation is expired & still open. But in my case, I don't have a console server, so what is the solution??
scarface 23 posts	4 Feb 2010 at 11:02 a.m. UTC Type who or sh user Look at the vty line and then type clear line "number"
sama 25 posts	4 Feb 2010 at 10:19 p.m. UTC Hello scarface This is a note from a cisco document: The clear line vty n command, where n is the connection number displayed in the show ip ssh command output, may be used instead of the disconnect ssh command. When the EXEC connection ends, whether normally or abnormally, the SSH connection also ends. I read about what you said. it is so helpful.. I need to test it.. but the command who, I should Google about it.. Thanks
sama 25 posts	4 Feb 2010 at 10:29 p.m. UTC After Googling!!! The kill command terminates a Telnet session. Use the who command to view the Telnet session ID value. When you kill a Telnet session, the PIX Firewall lets any active commands terminate and then drops the connection without warning the user. The kill command does not affect PIX Firewall Manager sessions. The cisco document mentioned that the kill command is PIX Firewall command. is it mean that I can't use it in a router?? Thanks scarface..
ju1ce 8 posts	5 Feb 2010 at 12:41 a.m. UTC (* was my active session) R01#who Line User Host(s) Idle Location 514 vty 0 cisco idle 00:00:00 10.X.X.X 515 vty 1 cisco idle 00:00:04 10.X.X.X Interface User Mode Idle Peer Address R01#clear line vty 1 [confirm] [OK] R01# R01#who Line User Host(s) Idle Location 514 vty 0 cisco idle 00:00:00 10.X.X.X Interface User Mode Idle Peer Address R01# The following would work too.. R01#clear line 515 [confirm] [OK] R01# R01#who Line User Host(s) Idle Location *514 vty 0 cisco idle 00:00:00 10.X.X.X Interface User Mode Idle Peer Address R01#
sama 25 posts	5 Feb 2010 at 7:24 a.m. UTC Hello Ju1ce Thanks a lot for your clarifications. Now I can imagine the whole matter..Thanks a lot..
paulezasx 4 posts	5 Nov 2011 at 12:43 p.m. UTC Hi. I have an access server with 4 routers 4 switches. When we are using lab, 4-5 people at the same time, then we need to use " clear line x" command everytime we want to use the device, because other people session is still active, even if they are on other device! How can be line cleared automatically , when user uses ctrl-shift-6 , x , command? Because if we jump from Router to the Access Server, and jump to the switch then, our Router session is still active, and other people need to clear that line if they want to connect :( Have anybody any ideas?
paulezasx 4 posts	14 Nov 2011 at 8:06 a.m. UTC no one knows?....
dnewstat 35 posts	14 Nov 2011 at 3:36 p.m. UTC Line vty 0 4 1)exec-timeout 5 0 2)logout-warning 60 3)absolute-timeout 15 1) telnet session will be disconnected after 5 min of inactivity) 2)60 sec before automatically logging off router will send warning message to user to save config 3)after 15 min router will disconnect telnet session
paulezasx 4 posts	14 Nov 2011 at 5:13 p.m. UTC Thank you Dnewstat! Do you know, how I can restrict, to use commands like erase flash/ delete.../ debug all on my devices?
paulezasx 4 posts	14 Nov 2011 at 5:15 p.m. UTC Thank you Dnewstat! Do you know, how I can restrict, to use commands like erase flash/ delete.../ debug all on my devices?
dnewstat 35 posts	14 Nov 2011 at 6:35 p.m. UTC I haven't done this, but I think you would have to set up Radius authentication and TACACS+ http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml