SSH Configuration describes how to configure Secure Shell on an S- K- or 7100-Series device. Secure Shell commands can be entered in any command mode.
Step | Task | Command(s) |
---|---|---|
1 | Enable, disable, or reinitialize the SSH server. | set ssh {enable | disable | reinitialize} |
2 | Optionally modify the SSH client alive interval. | set ssh client alive-interval interval |
3 | Optionally modify the maximum number of times a client alive message will be sent before the session times out. | set ssh client alive-count count |
4 | Set or reinitialize the host key on the SSH server. | set ssh hostkey [reinitialize] [type type] |
5 | Start an SSH session.
|
ssh hostname [-4 | -6] [-b bind-address] [-c cipher-spec] [-e escape-char] [-l login-name] [-m mac-spec] [-p port] [-p] [-q] [-r] [-v] [-vrf router] |
6 | Set the allowed authentication methods when connecting to the SSH server (S-, K-Series). | set ssh allowed-auth {[password {enable | disable}] [pubkey {enable | disable}]} |
7 | If the public key authentication method is enabled and you are using the authkey method, explicitly map a public key to each user to be authenticated on the device (S-, K-Series). | set ssh server authkey username {ssh-dss | ssh-rsa} ssh-key [no-confirm] |
8 | If the public key authentication method is enabled and you are using the PKI method, establish the list of trusted CA certificates used during PKI authentication of a user‘s X.509 certificate (S-, K-Series). | set ssh server pki trusted-ca-list pki-cert-list |
9 | If the public key authentication method is enabled and you want to require that a user‘s certificate be explicitly configured on the device, configure the authorized certificate list containing all user certificates required for the device (S-, K-Series). | set ssh server pki authorized-cert-list pki-cert-list |
10 | Verify the SSH state. | show ssh state |