login-control
config>system
This command enables the context to configure the session control for console, FTP, SSH, and Telnet sessions.
[no] exponential-backoff
config>system>login-control
This command enables the exponential backoff of the login prompt. The exponential-backoff command is used to deter dictionary attacks, in which a malicious user tries to gain access to the CLI by using a script to try admin with any conceivable password.
The no form of the command disables exponential-backoff.
Default: no exponential-backoff
ftp
config>system>login-control
This command enables the context to configure FTP login control parameters.
inbound-max-sessions value
no inbound-max-sessions
config>system>login-control>ftp
This command configures the maximum number of concurrent inbound FTP sessions.
This value is the combined total of inbound and outbound sessions.
The no form of the command reverts to the default value.
Default: 3
value: the maximum number of concurrent FTP sessions on the node
idle-timeout {minutes | disable}
no idle-timeout
config>system>login-control
This command configures the idle timeout for FTP, console, SSH, and Telnet sessions before the session is terminated by the system.
By default, each idle FTP, console, SSH, or Telnet session times out after 30 minutes of inactivity.
The no form of the command reverts to the default value.
Default: 30
minutes: the idle timeout in minutes
disable: when the disable option is specified, a session will never time out. To re-enable idle timeout, enter the command without the disable option.
[no] login-banner
config>system>login-control
This command enables or disables the display of a login banner. The login banner contains the 7705 SAR copyright and build date information for a console login attempt.
The no form of the command causes only the configured pre-login-message and a generic login prompt to display.
motd {url url-prefix:source-url | text motd-text-string}
no motd
config>system>login-control
This command creates the message of the day that is displayed after a successful console login. Only one message can be configured.
The no form of the command removes the message.
Default: no motd
url: when the message of the day is present as a text file, provide both the url-prefix and the source-url of the file containing the message of the day. The URL prefix can be local or remote.
text: the text of the message of the day, up to 900 characters long. The motd-text-string must be enclosed in double quotes. Multiple text strings are not appended to one another.
Some special characters can be used to format the message text. The "\n" character creates multi-line MOTDs and the "\r" character restarts at the beginning of the new line. For example, entering "\n\r" will start the string at the beginning of the new line, while entering "\n" will start the second line below the last character from the first line.
pre-login-message login-text-string [name]
no pre-login-message
config>system>login-control
This command creates a message that is displayed before console login attempts on the console via Telnet.
Only one message can be configured. If multiple pre-login messages are configured, the last message entered overwrites the previous entry.
The system name can be added to an existing message without affecting the current pre-login message.
The no form of the command removes the message.
Default: no pre-login-message
login-text-string: a text string, up to 900 characters. Any printable, 7-bit ASCII characters can be used. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
name: when the keyword name is defined, the configured system name is always displayed first in the login message. To remove the name from the login message, the message must be cleared and a new message entered without the name.
ssh
config>system>login-control
This command enables the context to configure SSH login control parameters.
[no] disable-graceful-shutdown
config>system>login-control>ssh
This command disables graceful shutdown of SSH sessions.
By default, SSH always performs a graceful shutdown on a TCP connection. When graceful shutdown is disabled, SSH sends a FIN message and then immediately terminates the connection.
The no form of the command enables graceful shutdown of SSH sessions.
Default: no disable-graceful-shutdown
inbound-max-sessions value
no inbound-max-sessions
config>system>login-control>ssh
This command limits the number of inbound SSH sessions. Each 7705 SAR router is limited to a total of 15 inbound SSH sessions (IPv4 and IPv6).
The no form of the command reverts to the default value.
Default: 5
value: the maximum number of concurrent inbound SSH sessions, expressed as an integer
outbound-max-sessions value
no outbound-max-sessions
config>system>login-control>ssh
This command limits the number of outbound SSH sessions. Each 7705 SAR router is limited to a total of 15 outbound SSH sessions (IPv4 and IPv6).
The no form of the command reverts to the default value.
Default: 5
value: the maximum number of concurrent outbound SSH sessions, expressed as an integer
telnet
config>system>login-control
This command enables the context to configure the Telnet login control parameters.
[no] enable-graceful-shutdown
config>system>login-control>telnet
This command enables graceful shutdown of Telnet sessions.
When graceful shutdown is enabled, Telnet sends a FIN message and waits for an acknowledgment before terminating the TCP connection.
The no form of the command disables graceful shutdown of Telnet sessions.
Default: no enable-graceful-shutdown
inbound-max-sessions value
no inbound-max-sessions
config>system>login-control>telnet
This command limits the number of inbound Telnet sessions. Each 7705 SAR router is limited to a total of 15 inbound Telnet sessions (IPv4 and IPv6).
The no form of the command reverts to the default value.
Default: 5
value: the maximum number of concurrent inbound Telnet sessions, expressed as an integer
outbound-max-sessions value
no outbound-max-sessions
config>system>login-control>telnet
This command limits the number of outbound Telnet sessions. Each 7705 SAR router is limited to a total of 15 outbound Telnet sessions (IPv4 and IPv6).
The no form of the command reverts to the default value.
Default: 5
value: the maximum number of concurrent outbound Telnet sessions, expressed as an integer
ttl-security min-ttl-value
no ttl-security
config>system>login-control>telnet
config>system>login-control>ssh
This command configures TTL security parameters for incoming packets. When the feature is enabled, SSH or Telnet connections will accept incoming IP packets from a peer only if the TTL value in the packet is greater than or equal to the minimum TTL value configured for that peer.
The no form of the command disables TTL security.
Default: no ttl-security
min-ttl-value: specifies the minimum TTL value for an incoming packet
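The following audit of the exponential-backoff, idle-timeout and ttl-security settings described above is an added example and is not part of the original command reference. The indented context/exit layout of the saved configuration, the SAMPLE text, the function names and the sender's initial TTL of 255 are assumptions.

```python
import re

# Constructed sample, assuming the indented context/exit layout of a saved
# configuration in which only non-default settings appear.
SAMPLE = """\
login-control
    idle-timeout disable
    ssh
        inbound-max-sessions 5
        ttl-security 250
    exit
    telnet
        inbound-max-sessions 5
    exit
exit
"""

CONTEXTS = ("login-control", "ftp", "ssh", "telnet")

def parse(text):
    """Map each context name to the command lines entered under it."""
    cfg, stack = {c: [] for c in CONTEXTS}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "exit":
            if stack:
                stack.pop()
        elif line in CONTEXTS:
            stack.append(line)
        elif line and stack:
            cfg[stack[-1]].append(line)
    return cfg

def max_hops(min_ttl, initial_ttl=255):
    """Router hops a peer may be away and still arrive with TTL >= min_ttl."""
    return initial_ttl - min_ttl  # negative means its packets never pass

def audit(text):
    """Report login-control settings that weaken the protections on this page."""
    cfg, report = parse(text), []
    if "exponential-backoff" not in cfg["login-control"]:
        report.append("exponential-backoff not enabled")
    if "idle-timeout disable" in cfg["login-control"]:
        report.append("idle-timeout disabled: sessions never time out")
    for proto in ("ssh", "telnet"):
        hits = [re.fullmatch(r"ttl-security (\d+)", l) for l in cfg[proto]]
        ttl = next((int(m.group(1)) for m in hits if m), None)
        report.append(f"{proto}: ttl-security not configured" if ttl is None else
                      f"{proto}: ttl-security {ttl} admits peers up to {max_hops(ttl)} router hops away")
    return report
```

A management station that sends with a lower initial TTL (64 is a common operating-system default) has a negative margin against a min-ttl-value of 250, so its packets are dropped; check max_hops with the real initial TTL before enabling ttl-security.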