Forum Discussion
hc_andy_35682
Nimbostratus
NimbostratusiRule help to set indefinite SSH login session
Thanks to this post I've created an iRule to handle ssh sessions using "IP::idle_timeout"
http://devcentral.f5.com/Default.aspx?tabid=53&view=topic&postid=32109
when CLIENT_ACCEPTED {
switch [TCP::local_port] {
"22" {
IP::idle_timeout 600
}
}
}
Is there an INDEFINITE idle_timeout value that keeps the session from timing out? I've set it to ZERO but this then STOPS me from ssh-ing into the box.
Thanks.
Andy
4 Replies
L4L7_53191I'd use a custom tcp profile for this task - you can set the timeout to indefinite.
-Matt- hc_andy_35682Thanks Matt.
I thought using an iRule would be the better way to go because then I could just apply the time out for SSH sessions and use the default fastL4 time out for other TCP related protocols.
Is there no way to set the timeout to INDEFINITE using IP::idle_timeout ???
Thanks.
Andy - L4L7_53191I'm not sure how to do this in a rule. It's real easy to setup a port 22 virtual server though, and I'd suggest going that route - it's cleaner, to me at least. It sounds like you've got a forwarder set up that handles multiple protocols. If this is the case, you can carve out that SSH traffic by adding a 0.0.0.0:22 virtual and applying the custom tcp timeout behavior to that virtual.
-Matt 
hoolioCirrostratus
Setting the idle timeout to 0 in the rule probably means immediate, not indefinite. You could try setting it to the max acceptable value instead (maybe 2147483647?).
But I agree with Matt--it's much better to create a separate VIP and custom FastL4 profile for this.
Aaron
