Configuring Secure Shell

SSH Configuration describes how to configure Secure Shell on an S-, K-, or 7100-Series device. Secure Shell commands can be entered in any command mode.


SSH Configuration

Step 1
  Task: Enable, disable, or reinitialize the SSH server.
  Command(s): set ssh {enable | disable | reinitialize}

Step 2
  Task: Optionally modify the SSH client alive interval.
  Command(s): set ssh client alive-interval interval

Step 3
  Task: Optionally modify the maximum number of times a client alive message will be sent before the session times out.
  Command(s): set ssh client alive-count count

Step 4
  Task: Set or reinitialize the host key on the SSH server.
  Command(s): set ssh hostkey [reinitialize] [type type]

Step 5
  Task: Start an SSH session.
    • hostname - Specifies the host name or IP address of the remote host this SSH session is connecting to.
    • -4 | -6 - Optionally specifies that SSH should use either IPv4 or IPv6 addresses, but not both.
    • -b bind-address - Optionally specifies the IP address to transmit from when there are multiple interfaces and/or addresses.
    • -c cipher-spec - Optionally specifies a list of the cipher specifications allowed for encrypting this session.
    • -e escape-char - Optionally sets the escape character for the session.
    • -l login-name - Optionally specifies the user to log in as on the remote host.
    • -m mac-spec - Optionally specifies the MAC algorithms used for data integrity protection.
    • -p port - Optionally specifies the host port to connect to on the remote host.
    • -q - Optionally specifies that the session will operate in quiet mode, causing all warning and diagnostic messages to be suppressed.
    • -r - Optionally specifies that normal routing table lookup should be bypassed and that the session request should be sent directly to a host on an attached network.
    • -v - Optionally specifies that the session will operate in verbose mode, causing SSH to print debugging messages about its progress.
    • -vrf router - Optionally specifies the router on which to source this SSH session.
  Command(s): ssh hostname [-4 | -6] [-b bind-address] [-c cipher-spec] [-e escape-char] [-l login-name] [-m mac-spec] [-p port] [-p] [-q] [-r] [-v] [-vrf router]

Step 6
  Task: Set the allowed authentication methods when connecting to the SSH server (S-, K-Series).
  Command(s): set ssh allowed-auth {[password {enable | disable}] [pubkey {enable | disable}]}

Step 7
  Task: If the public key authentication method is enabled and you are using the authkey method, explicitly map a public key to each user to be authenticated on the device (S-, K-Series).
  Command(s): set ssh server authkey username {ssh-dss | ssh-rsa} ssh-key [no-confirm]

Step 8
  Task: If the public key authentication method is enabled and you are using the PKI method, establish the list of trusted CA certificates used during PKI authentication of a user's X.509 certificate (S-, K-Series).
  Command(s): set ssh server pki trusted-ca-list pki-cert-list

Step 9
  Task: If the public key authentication method is enabled and you want to require that a user's certificate be explicitly configured on the device, configure the authorized certificate list containing all user certificates required for the device (S-, K-Series).
  Command(s): set ssh server pki authorized-cert-list pki-cert-list

Step 10
  Task: Verify the SSH state.
  Command(s): show ssh state
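
A way to review the authentication settings from steps 6 through 9 offline, as an added example that is not part of the original page or the vendor's tooling. It assumes the configuration is available as text lines in the same "set ssh ..." syntax shown above; the sample lines, key strings, user names, and finding labels are constructed, and the policy it applies (flag password authentication and ssh-dss keys) is an assumed hardening baseline.

```python
# Constructed sample input, written in the command syntax from the table.
SAMPLE_CONFIG = """\
set ssh enable
set ssh allowed-auth password enable pubkey enable
set ssh server authkey admin ssh-rsa AAAA-constructed-rsa-key
set ssh server authkey backup ssh-dss AAAA-constructed-dsa-key no-confirm
"""

def parse_ssh_config(text):
    """Collect the settings from steps 6-9 out of 'set ssh ...' lines."""
    cfg = {"auth": {}, "authkeys": [], "trusted_ca": None, "authorized_certs": None}
    for raw in text.splitlines():
        tok = raw.split()
        if tok[:2] != ["set", "ssh"] or len(tok) < 3:
            continue
        if tok[2] == "allowed-auth":
            # Method/state pairs, e.g. "password disable pubkey enable".
            for method, state in zip(tok[3::2], tok[4::2]):
                if method in ("password", "pubkey") and state in ("enable", "disable"):
                    cfg["auth"][method] = state
        elif tok[2:4] == ["server", "authkey"] and len(tok) >= 7:
            cfg["authkeys"].append((tok[4], tok[5]))  # (username, key type)
        elif tok[2:5] == ["server", "pki", "trusted-ca-list"] and len(tok) >= 6:
            cfg["trusted_ca"] = tok[5]
        elif tok[2:5] == ["server", "pki", "authorized-cert-list"] and len(tok) >= 6:
            cfg["authorized_certs"] = tok[5]
    return cfg

def audit(cfg):
    """Return findings for explicitly configured settings only.

    Device defaults are not known here, so a method that never appears in an
    allowed-auth line is not reported either way.
    """
    findings = []
    if cfg["auth"].get("password") == "enable":
        findings.append("password-auth-enabled")
    if cfg["auth"].get("pubkey") == "enable":
        # Steps 7 and 8: pubkey needs either per-user authkeys or a trusted CA list.
        if not cfg["authkeys"] and not cfg["trusted_ca"]:
            findings.append("pubkey-enabled-without-authkey-or-trusted-ca")
    for user, key_type in cfg["authkeys"]:
        if key_type == "ssh-dss":  # DSA keys are deprecated in current SSH implementations
            findings.append(f"dsa-authkey:{user}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_ssh_config(SAMPLE_CONFIG)):
        print(finding)
```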