익스트림 스위치 ssh/telnet 세션.

익스트림 스위치 ssh/telnet 세션.

익스트림 스위치에 ssh 접속시도했는데, 아래와 같은 접속 거부 메시지가 보였다.

$ ssh wadmin@172.16.100.2
ssh_exchange_identification: read: Connection reset by peer

다행히 telnet 접속도 허용해 놓은 상태여서 일단 접속 가능했다.

현재 세션을 확인해 보면 아래 처럼 8개의 ssh 연결된 상태다. 익스트림 스위치의 ssh 최대 동시 접속은 8 이다. 아래는 8개의 ssh 접속이 있어서 더이상 접속을 허용하지 않는 상태가 되었다.

C-1F.1 # show session
                                                             CLI
    #       Login Time               User     Type    Auth   Auth Location
================================================================================
 79359      Mon Sep 27 12:25:20 2021 wadmin   ssh2    local  dis  192.168.100.122
 79361      Mon Sep 27 12:29:10 2021 wadmin   ssh2    local  dis  192.168.100.122
 79363      Mon Sep 27 12:32:55 2021 wadmin   ssh2    local  dis  192.168.100.122
 79365      Mon Sep 27 12:39:20 2021 wadmin   ssh2    local  dis  192.168.100.122
 79366      Mon Sep 27 12:43:05 2021 wadmin   ssh2    local  dis  192.168.100.122
 79378      Mon Sep 27 13:37:30 2021 wadmin   ssh2    local  dis  192.168.100.122
 79380      Mon Sep 27 13:41:15 2021 wadmin   ssh2    local  dis  192.168.100.122
 79381      Mon Sep 27 13:41:41 2021 wadmin   telnet  local  dis  192.168.100.121
*79382      Mon Sep 27 13:42:39 2021 wadmin   telnet  local  dis  192.168.100.122

아래는 세션 id 79359를 삭제하는 명령이다.

C-1F.2 # clear session 79359

모든 세션을 삭제하려면 세션 id 대신 all을 사용하면 된다. 모든 세션은 telnet 세션과 현재 접속중인 세션도 포함되므로 아래처럼 접속이 끊긴다.

C-1F.3 # clear session all
Connection closed by foreign host.

이제, ssh 접속이 잘 된다.

$ ssh wadmin@172.16.100.2
The authenticity of host '172.16.100.2 (172.16.100.2)' can't be established.
RSA key fingerprint is SHA256:44O1ho6Ur3H57QVdVeBXURIvU7nAnf0cO3sqQljMlZI.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.100.2' (RSA) to the list of known hosts.
admin@172.16.100.2's password:
ExtremeXOS
Copyright (C) 1996-2018 Extreme Networks. All rights reserved.
This product is protected by one or more US patents listed at https://www.extremenetworks.com/company/legal/patents/ along with their foreign counterparts.
==============================================================================

Press the <tab> or '?' key at any time for completions.
Remember to save your configuration changes.


C-1F.1 #
C-1F.1 # show session
                                                             CLI
    #       Login Time               User     Type    Auth   Auth Location
================================================================================
*79383      Mon Sep 27 13:43:36 2021 wadmin   ssh2    local  dis  192.168.100.122
C-1F.2 #

최대 세션 수와 세션 타임아웃 값은 show management 명령으로 확인 가능하다.

# show management
CLI idle timeout                 : Enabled (2 minutes)
CLI max number of login attempts : 3
CLI max number of sessions       : 8
CLI paging                       : Enabled (this session only)
CLI space-completion             : Disabled (this session only)
CLI configuration logging        : Disabled
CLI password prompting only      : Disabled
CLI RADIUS cmd authorize tokens  : 2
CLI scripting                    : Disabled (this session only)
CLI scripting error mode         : Ignore-Error (this session only)
CLI persistent mode              : Persistent (this session only)
CLI prompting                    : Enabled (this session only)
CLI screen size                  : 25 Lines 80 Columns (this session only)
CLI refresh                      : Enabled
Telnet access                    : Enabled (tcp port 23 vr all)
                                 : Access Profile : not set
SSH access                       : Disabled (Key invalid, tcp port 22 vr all)
                                 : Secure-Mode    : Off
                                 : Access Profile : not set
SSH2 idle time                   : 60 minutes
Web access                       : Disabled (tcp port 80)
                                 : Access Profile : not set
Total Read Only Communities	 : 1
Total Read Write Communities	 : 1
RMON                             : Disabled
SNMP access                      : Enabled
                                 : Access Profile : not set
SNMP Compatibility Options       :
    GETBULK Reply Too Big Action : Too Big Error
    IP Fragmentation             : Disallow
SNMP Notifications               : Enabled
SNMP Notification Receivers  : None
SNMP stats:	InPkts 101311  OutPkts   101309  Errors 0       AuthErrors 2
		Gets   58320   GetNexts  14331   Sets   0       Drops      0       
SNMP traps:	Sent   0       AuthTraps Enabled
SNMP inform:	Sent   0       Retries   0       Failed 0

위의 결과를 보면, ssh2 idle time이 60분인 것을 볼 수 있다. 이 값을 2분으로 조정하려면, configure ssh2 idletimeout 2 명령을 사용하면 된다.

답글 남기기

Your email address will not be published.

%d bloggers like this: