
IPS SSH timeout

mcroberts
Level 1

Is there a way to set the SSH timeout on the IPS 6.x sensors? I certainly can't find it...

thanks

2 Replies

aghaznavi
Level 5

Cisco IOS IPS Certificate: Sometimes the Cisco IOS IPS certificate stored is incorrect. To delete a certificate from Cisco IOS IPS, you need to remove the trustpoint from the Cisco IOS IPS router.

If ip http timeout-policy is configured with a low number of maximum requests, such as:

ip http timeout-policy idle 600 life 86400 requests 1

You need to increase the maximum request number.

For example: ip http timeout-policy idle 600 life 86400 requests 8400

The question was about the 6.x (and earlier) appliance sensors, not the IOS IPS. The SSH server in the appliance sensors has caused us to fail every security audit. Specifically, you cannot control the idle session timeout (as mcroberts noted above); in fact, it never times out! You cannot specify the number of failed logins, and you must use local authentication, no TACACS or RADIUS.

It is more than a little embarrassing to have your security devices fail your security audit. Cisco has been aware of these deficiencies for years but has failed to address them. One has to wonder how serious Cisco is about security on the IPS platform.
