If these sessions indeed sit there at the login prompt there is little you can do. There is DGPicketts suggestion of using truss and/or lsof to terminate sessions, but this is a workaround rather than a solution.
If you have many and rapidly changing connections (although this should be no problem with typical telnet connections, other protocols are more prone to that) you might want to tune the keepalive-parameters in AIX to allow for faster closing of already closed sessions: TCP sessions getting into the state FIN-WAITING (see netstat -a output) take some time to become finally closed and this can pose a problem if very many connection-attempts are done in a short time. Usually this is the case with the Oracle-Listener connections in DB-servers with many clients but the same can happen with other protocols too.
Check the network options with the command
Code:
no -a
and look at the values of: tcp_keepintvl, tcp_keepidle and tcp_keepinit.
You can change these parameters (they are measured in half-seconds, hence i.e "150" means 75 seconds) with the command:
Code:
no -o <parameter>=<value>
Be sure to read the man page of no before changing anything because these tuning parameters can heavily affect the network output of your system!
Well, truss and lsof just give info. Maybe you can see if there is a problem IP creating sessions using lsof. It almost sounds like a Denial Of Service attack! But usually the TCP protocol should close them out. TCP not only waits for lost packets on dead connections, but on normal, stable close holds data for retransmits in case that last FIN ACK packet gets lost, and the FIN packet arrives again, retransmitted. However, the age of some of these is way past such timers. First use truss to see what it is waiting on. Then use lsof to find out who/what is on that process and fd #'s.
As for me it seems that you have problems with your users, not AIX ;-)
Try to add export TMOUT=300 in /etc/profile. Then all new sessions of your users will be automatically logged off after 300 seconds of inactivity. The old sessions have to be killed.
Last edited by rbatte1; 02-16-2015 at 12:11 PM..
Reason: Added ICODE tags
I think that these are sessions that are yet to log in though. You are also assuming that the users drop to the command line, which can be a very dangerous place to let business users get to.
I have a job that scans and terminates idle sessions from the application to handle that.
Your time-out setting is also 360 seconds, because there is a warning issued which has a further 60 seconds delay before the shell exists.
What kind of problems can be faced if any session which connects to unix server is open for longer time?
How to find out from how much time that session is idle? :) (1 Reply)
hello guys, Does anybody know how I can log all the telnet sessions for a specific IP.
For instance, anybody who make a telnet to IP x.x.x.x this session will be logged. the purpose of it is that I need to know every command that people are running on this node.
Any help ?
Thanks. (1 Reply)
Currenly my hp-ux server can take the default of 60 telnet connections,
i want to know how i can increase this. and also can i effect such changes without doing a reboot.
My server is HP-UX B.11.23 (1 Reply)
Discussion started by: tomjones
1 Replies
4. Forum Support Area for Unregistered Users & Account Problems
Hello,
I have a busybox with tinylogin. How can I log user out when I found the telnet session is idle for 10 seconds?
I set
TMOUT=10
export TMOUT
in /etc/profile
I found it doesn't work for me.
Can anybody help me?
Thanks a lot!
jing (1 Reply)
I am trying to find the following information regarding the logging of telnet sessions within a Solaris 10 environment:
(1) How can I tell if the logging of telnet sessions is enabled on a Solaris 10 machine?
(2) Assuming that the logging of telnet sessions is not enabled, what is the... (1 Reply)
we moved to new server this weekend.
npty nstrpty nstrtel all set to 700
now this AM, users are getting on and after 60 (which was the default for those parms) users - everyone else gets a telnet msg.
I urgently need to know what is causing this and how to fix.
thank you.
Lisa (3 Replies)
I have put TMOUT=1800;export TMOUT in the /etc/profile, put it does not work, by the way the root default shell is sh. but I wana every one including root to terminate the session after setting idle for 1800 seconds. thank for the help. (1 Reply)
Anyone know how to limit the telnet sessions on a per user basis on an HP UX Box.
I would like to limit the Maximum number of telnet seesions a user can open at any give time to around 4 or 5. I have been looking and looking and do not seem to be able to find anything on this. Any help would be... (2 Replies)
We use SCO OSR5 with TermLIte to create telnet sessions.
If you accidently click X on the TermLite screen and exit the session you leave process running. I've heard of a program that will allow you to re-connect to these 'floating' sessions and then be able to carry on your session.
Does anyone... (2 Replies)
