A user logged into a device through a console expects the session to be logged out when disconnecting from the console. Although this doesn't happen by default on Junos devices, the console can be secured by using the Junos log-out-on-disconnect feature.
When the console cable is disconnected from a Juniper router or switch, the user account is not automatically logged out and the console session keeps functioning. After the physical cable is removed from an EX Switch console port, the user session remains logged in.
Example: the user is still logged in after removing the console connection:
- Log into an EX Switch as a user via SSH and separately to console.
- Remove physical console connection.
- Issue the following CLI command:
root# run show system users
7:19AM up 37 mins, 2 users, load averages: 0.31, 0.03, 0.05
USER TTY FROM LOGIN@ IDLE WHAT
root u0 - 7:19AM - cli ===> Represents console session
root p0 10.130.38.125 7:19AM - cli ===> Represents ssh session
To log a user out after the console connection is removed:
Configure the following under the 'system' hierarchy and commit the configuration:
system {
    ports {
        console log-out-on-disconnect;
    }
}
Verify the user is logged out:
- Log into an EX Switch as a user via SSH and separately to console.
- Remove physical console connection.
- Issue the following CLI command:
root# run show system users
7:20AM up 38 mins, 2 users, load averages: 0.31, 0.03, 0.05
USER TTY FROM LOGIN@ IDLE WHAT
root p0 10.130.38.125 7:20AM - cli ===> Represents ssh session
This confirms that the console user session has been logged out.
Note: The log-out-on-disconnect command will have no effect on MX80 routers due to a hardware limitation.
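The two checks above can be scripted for an audit across many devices. The following is an added example, not Juniper code: it assumes the curly-brace configuration text and the 'show system users' output have already been collected, treats TTY u0 as the console as in the output above, and uses hypothetical function names. It also accepts the nested console { ... } layout.

```python
import re

CONSOLE_TTY = "u0"  # the page's sample output marks TTY u0 as the console session

def flatten(config):
    """Return every leaf statement of a curly-brace Junos config as a word list."""
    config = re.sub(r"/\*.*?\*/|#[^\n]*", "", config, flags=re.S)  # drop comments
    stack, leaves = [], []
    for m in re.finditer(r'((?:"[^"]*"|[^{};"])*)([{};])', config):
        words, delim = m.group(1).split(), m.group(2)
        if delim == "{":
            stack.append(words)          # entering a hierarchy level
        elif delim == "}":
            if stack:
                stack.pop()              # leaving it
        elif words:
            leaves.append([w for level in stack for w in level] + words)
    return leaves

def logout_on_disconnect_enabled(config):
    """True if 'system ports console' carries log-out-on-disconnect (either layout)."""
    return any(s[:3] == ["system", "ports", "console"]
               and "log-out-on-disconnect" in s[3:] for s in flatten(config))

def console_sessions(show_users):
    """Users still logged in on the console TTY in 'show system users' output."""
    users, in_table = [], False
    for line in show_users.splitlines():
        fields = line.split()
        if fields[:2] == ["USER", "TTY"]:
            in_table = True              # rows follow the column header
        elif in_table and len(fields) >= 2 and fields[1] == CONSOLE_TTY:
            users.append(fields[0])
    return users

# Constructed sample inputs (hostname and layouts are illustrative, not from a real device).
DEFAULT = "system { host-name ex1; ports { console type vt100; } }"
HARDENED = "system {\n    ports {\n        console log-out-on-disconnect;\n    }\n}\n"
BLOCK = "system { ports { console { log-out-on-disconnect; type vt100; } } }"
USERS = ("7:19AM up 37 mins, 2 users, load averages: 0.31, 0.03, 0.05\n"
         "USER TTY FROM LOGIN@ IDLE WHAT\n"
         "root u0 - 7:19AM - cli\n"
         "root p0 10.130.38.125 7:19AM - cli\n")

if __name__ == "__main__":
    for name, cfg in [("default", DEFAULT), ("hardened", HARDENED), ("block", BLOCK)]:
        print(name, "log-out-on-disconnect:", logout_on_disconnect_enabled(cfg))
    print("console sessions still open:", console_sessions(USERS))
```

A device that reports the setting as missing and still lists a console session after the cable was pulled is the exposed case described above.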