Cisco Support Community

New Member

IPS SSH timeout

Is there a way to set the SSH timeout on the IPS 6.x sensors? I certainly can't find it...

thanks

2 REPLIES
Silver

Re: IPS SSH timeout

Cisco IOS IPS Certificate - Sometimes the Cisco IOS IPS certificate stored is incorrect. To delete a certificate from Cisco IOS IPS, you need to remove the trustpoint from the Cisco IOS IPS router.

If ip http timeout-policy is configured with a low number of maximum requests, such as:

ip http timeout-policy idle 600 life 86400 requests 1

You need to increase the maximum request number.

For example: ip http timeout-policy idle 600 life 86400 requests 8400

Gold

Re: IPS SSH timeout

The question was about the 6.x (and earlier) appliance sensors, not the IOS IPS. The SSH server in the appliance sensors has caused us to fail every security audit. Specifically, you cannot control the idle session timeout (as macroberts noted above); in fact, it never times out! You cannot specify the number of failed logins, and you must use local authentication, no TACACS or RADIUS.

It is more than a little embarrassing to have your security devices fail your security audit. Cisco has been aware of these deficiencies for years but has failed to address them. One has to wonder how serious Cisco is about security on the IPS platform.
