防火墙ssh登录提示idle timer expired,例如:
【原因分析】开启了密码控制功能,设备默认老化时间90天,以及闲置时间90天。具体说明如下:
RBM_S<H3C>disp password-control
Global password control configurations:
Password control: Enabled (device management users)
Disabled (network access users)
Password aging: Disabled (90 days)
Password length: Enabled (10 characters)
Password composition: Enabled (2 types, 1 characters per type)
Password history: Enabled (max history records:4)
Early notice on password expiration: 7 days
Maximum login attempts: 3
Action for exceeding login attempts: Lock user for 1 minutes
Minimum interval between two updates:24 hours
User account idle time: 90 days
Logins with aged password: 3 times in 30 days
Password complexity: Enabled (username checking)
Disabled (repeated characters checking)
Password change: Enabled (first login)
Disabled (mandatory weak password change)
User information in blacklist: Username and IP
对应调整命令:
undo password-control aging enable
password-control login idle-time 0
【预防方案】需要同时如上关闭这两个功能,避免账户密码过期后无法登陆。
【解决方案】可以参考案例MSR设备开启password-control后长时间未维护导致用户无法登录
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作