Channel: SRX Services Gateway topics

Certain users can't be logged out manually/kicked


Hello!

Device: SRX4200

Version: 15.1X49-D110.4

I've been trying to do some JunOS security hardening and I'm stumbling upon a weird phenomenon (at least to me it is) with the logged-in users.

So I know you can log out users and it's been successful to a certain degree. This is the current situation:

show system users.png

 

"Request system logout terminal p1" doesn't do anything; the CLI doesn't return any message. Making it more specific doesn't work either: "request system logout terminal p1 user chxxx". I know that the root users are more finicky to kick, but I have actually been able to do that on my QFXs and even on the SRX:

show system users with root that I was able to kick.png

kicking root.png

(Been able to kick root (d0) from both nodes)

Now I did find this post:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB9341&cat=JUNOS&actp=LIST

And I tried this too; I checked the system processes both trying to match out the terminal values and by just looking through with my own eyes. The users that don't have a "WHAT" value don't seem to have a process linked to them. It's almost like they exist in the void? The chxxx user that exists on both nodes is probably from when I logged in between node1 and back to node0, but as said, I can't even kick these!

Before you point me towards an idle-timeout config, I do have that, but I need to fix the login class and make new local ones because it's not sticking to the standard super-user classes so currently it doesn't really work, and frankly I want to figure this out! I suppose the answer lies in what type of terminal the user is? I have been able to kick "p" TTYs from my QFXs, although they did have a "WHAT" value...

Any KB or PR articles, or response would be appreciated!

