Home

Forums

Stories

Knowledge Base

Business Community > Switches > SSH idle timeout on SG2008P

< Switches

SSH idle timeout on SG2008P

STL_Admin

Saturday - last edited Yesterday

Posts: 4

Helpful: 1

Solutions: 0

Stories: 0

Registered: 2024-09-14

SSH idle timeout on SG2008P

Saturday - last edited Yesterday

Tags: #Firmware Update #CLI

Model: SG2008P

Hardware Version:

Firmware Version: 3.20.10

The recent firmware update from 3.20.9 to 3.20.10 seems to have introduced an aggressive idle timeout on ssh terminal sessions. No change in this area was mentioned in the release notes.

The switch is adopted by an Omada Controller, so nothing can actually be changed in the real CLI of course. There are no obvious settings in the main controller GUI for this, but I have tried issuing commands like "no ip ssh timeout" through the controller's "Device CLI" GUI. Nothing seems to be making any difference.

"show ip ssh" confirms that the timeout is set to 360 seconds. Intriguingly, other devices on older firmware actually show the same configuration, but don't timeout, so this is arguably a bug fix. And I fully understand the theoretical security benefits of a session timeout. But nevertheless, for my use case I need to be able to disable it, and return to the previous behaviour.

Please don't suggest that this should be raised as a "feature request": introducing a timeout, with no way of configuring it, is a regression.

1 Accepted Solution

Vincent-TP

Monday - last edited Yesterday

Posts: 3620

Helpful: 353

Solutions: 1224

Stories: 0

Registered: 2024-06-22

Re:SSH idle timeout on SG2008P-Solution

Monday - last edited Yesterday

Hi @STL_Admin

Thank you for sharing your feedback. We fully understand your concerns. As you mentioned, this change was indeed implemented to enhance network security management.

If this update has caused significant inconvenience, we recommend temporarily rolling back to the previous version.

Meanwhile, we will feedback to the relevant team and explore the possibility of adding a configurable option in future updates. Thanks for the understanding.

Wish you a happy life and smooth network usage! >Get the Latest Omada SDN Controller Releases Here< >Experience the Latest Omada EAP Firmware<

Recommended Solution

STL_Admin

LV1

Monday

Posts: 4

Helpful: 1

Solutions: 0

Stories: 0

Registered: 2024-09-14

Re:SSH idle timeout on SG2008P

Monday

Thank you for your speedy reply!

I'll look into the feasibility of a rollback, although in general that isn't ideal as we would then lose the benefit of any other changes in the latest release.

I don't necessarily need a GUI option for this (though that would of course be best). I'm happy with a CLI command to do it, because this issue is specific to the CLI anyway. But so far even the documented commands don't seem to be having any effect. Have those commands in themselves been disabled (which would be a very serious issue)?

The wider issue of having to use a clunky GUI to issue CLI commands doesn't help of course. That model has proven unreliable at the best of times, and in particular doesn't seem to give any feedback to indicate whether the command has succeeded, or even if it has actually been run at all. Please can consideration be given to not disabling the CLI on adopted devices? Anybody using the CLI can be assumed to know what they're doing, and so simply giving a warning that any local changes might be overridden by the controller would be sufficient. Then, it would be possible for administrators to test commands locally before configuring them in the controller GUI to be persistent.

SSH idle timeout on SG2008P

SSH idle timeout on SG2008P

Information

Voters 0

Tags