익스트림 스위치 ssh/telnet 세션.
익스트림 스위치에 ssh 접속시도했는데, 아래와 같은 접속 거부 메시지가 보였다.
$ ssh wadmin@172.16.100.2 ssh_exchange_identification: read: Connection reset by peer
다행히 telnet 접속도 허용해 놓은 상태여서 일단 접속 가능했다.
현재 세션을 확인해 보면 아래 처럼 8개의 ssh 연결된 상태다. 익스트림 스위치의 ssh 최대 동시 접속은 8 이다. 아래는 8개의 ssh 접속이 있어서 더이상 접속을 허용하지 않는 상태가 되었다.
C-1F.1 # show session
CLI
# Login Time User Type Auth Auth Location
================================================================================
79359 Mon Sep 27 12:25:20 2021 wadmin ssh2 local dis 192.168.100.122
79361 Mon Sep 27 12:29:10 2021 wadmin ssh2 local dis 192.168.100.122
79363 Mon Sep 27 12:32:55 2021 wadmin ssh2 local dis 192.168.100.122
79365 Mon Sep 27 12:39:20 2021 wadmin ssh2 local dis 192.168.100.122
79366 Mon Sep 27 12:43:05 2021 wadmin ssh2 local dis 192.168.100.122
79378 Mon Sep 27 13:37:30 2021 wadmin ssh2 local dis 192.168.100.122
79380 Mon Sep 27 13:41:15 2021 wadmin ssh2 local dis 192.168.100.122
79381 Mon Sep 27 13:41:41 2021 wadmin telnet local dis 192.168.100.121
*79382 Mon Sep 27 13:42:39 2021 wadmin telnet local dis 192.168.100.122
아래는 세션 id 79359를 삭제하는 명령이다.
C-1F.2 # clear session 79359
모든 세션을 삭제하려면 세션 id 대신 all을 사용하면 된다. 모든 세션은 telnet 세션과 현재 접속중인 세션도 포함되므로 아래처럼 접속이 끊긴다.
C-1F.3 # clear session all Connection closed by foreign host.
이제, ssh 접속이 잘 된다.
$ ssh wadmin@172.16.100.2
The authenticity of host '172.16.100.2 (172.16.100.2)' can't be established.
RSA key fingerprint is SHA256:44O1ho6Ur3H57QVdVeBXURIvU7nAnf0cO3sqQljMlZI.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.100.2' (RSA) to the list of known hosts.
admin@172.16.100.2's password:
ExtremeXOS
Copyright (C) 1996-2018 Extreme Networks. All rights reserved.
This product is protected by one or more US patents listed at https://www.extremenetworks.com/company/legal/patents/ along with their foreign counterparts.
==============================================================================
Press the <tab> or '?' key at any time for completions.
Remember to save your configuration changes.
C-1F.1 #
C-1F.1 # show session
CLI
# Login Time User Type Auth Auth Location
================================================================================
*79383 Mon Sep 27 13:43:36 2021 wadmin ssh2 local dis 192.168.100.122
C-1F.2 #
최대 세션 수와 세션 타임아웃 값은 show management 명령으로 확인 가능하다.
# show management
CLI idle timeout : Enabled (2 minutes)
CLI max number of login attempts : 3
CLI max number of sessions : 8
CLI paging : Enabled (this session only)
CLI space-completion : Disabled (this session only)
CLI configuration logging : Disabled
CLI password prompting only : Disabled
CLI RADIUS cmd authorize tokens : 2
CLI scripting : Disabled (this session only)
CLI scripting error mode : Ignore-Error (this session only)
CLI persistent mode : Persistent (this session only)
CLI prompting : Enabled (this session only)
CLI screen size : 25 Lines 80 Columns (this session only)
CLI refresh : Enabled
Telnet access : Enabled (tcp port 23 vr all)
: Access Profile : not set
SSH access : Disabled (Key invalid, tcp port 22 vr all)
: Secure-Mode : Off
: Access Profile : not set
SSH2 idle time : 60 minutes
Web access : Disabled (tcp port 80)
: Access Profile : not set
Total Read Only Communities : 1
Total Read Write Communities : 1
RMON : Disabled
SNMP access : Enabled
: Access Profile : not set
SNMP Compatibility Options :
GETBULK Reply Too Big Action : Too Big Error
IP Fragmentation : Disallow
SNMP Notifications : Enabled
SNMP Notification Receivers : None
SNMP stats: InPkts 101311 OutPkts 101309 Errors 0 AuthErrors 2
Gets 58320 GetNexts 14331 Sets 0 Drops 0
SNMP traps: Sent 0 AuthTraps Enabled
SNMP inform: Sent 0 Retries 0 Failed 0
위의 결과를 보면, ssh2 idle time이 60분인 것을 볼 수 있다. 이 값을 2분으로 조정하려면, configure ssh2 idletimeout 2 명령을 사용하면 된다.