Modify Secure Shell (SSH) configuration parameters to support public and private key encryption connections.
default ssh [dsa-auth] [max-sessions] [pass-auth] [port] [rekey data-limit] [rekey enable] [rekey time-interval] [rsa-auth] [secure] [timeout] [version] [x509v3-auth enable] [x509v3-auth revocation-check-method] [x509v3-auth username overwrite] [x509v3-auth username strip-domain] [x509v3-auth username use-domain]
no ssh [authentication-type] [authentication-type aead-aes-128-gcm-ssh] [authentication-type aead-aes-256-gcm-ssh] [authentication-type hmac-sha1] [authentication-type hmac-sha2-256] [dsa-auth] [dsa-host-key] [dsa-user-key WORD<1-15>] [encryption-type] [encryption-type 3des-cbc] [encryption-type aead-aes-128-gcm-ssh] [encryption-type aead-aes-256-gcm-ssh] [encryption-type aes128-cbc] [encryption-type aes128-ctr] [encryption-type aes192-cbc] [encryption-type aes192-ctr] [encryption-type aes256-cbc] [encryption-type aes256-ctr] [encryption-type blowfish-cbc] [encryption-type rijndael128-cbc] [encryption-type rijndael192-cbc] [key-exchange-method] [key-exchange-method diffie-hellman-group14-sha1] [key-exchange-method diffie-hellman-group-exchange-sha256] [pass-auth] [rekey enable] [rsa-auth] [rsa-host-key] [rsa-user-key WORD<1–15>] [secure] [x509v3-auth enable] [x509v3-auth username overwrite] [x509v3-auth username strip-domain] [x509v3-auth username use-domain]
ssh [authentication-type aead-aes-128-gcm-ssh] [authentication-type aead-aes-256-gcm-ssh] [authentication-type hmac-sha1] [authentication-type hmac-sha2-256] [dsa-auth] [dsa-host-key] [dsa-host-key <1024-1024>] [dsa-user-key WORD<1-15>] [dsa-user-key WORD<1-15> size <1024-1024>] [encryption-type 3des-cbc] [encryption-type aead-aes-128-gcm-ssh] [encryption-type aead-aes-256-gcm-ssh] [encryption-type aes128-cbc] [encryption-type aes128-ctr] [encryption-type aes192-cbc] [encryption-type aes192-ctr] [encryption-type aes256-cbc] [encryption-type aes256-ctr] [encryption-type blowfish-cbc] [encryption-type rijndael128-cbc] [encryption-type rijndael192-cbc] [key-exchange-method diffie-hellman-group14-sha1] [key-exchange-method diffie-hellman-group-exchange-sha256] [max-sessions <0-8>] [pass-auth] [port <22, 1024..49151>] [reset] [rekey data-limit <1-6>] [rekey enable] [rekey time-interval <1-6>] [rsa-auth] [rsa-host-key] [rsa-host-key <1024-2048>] [rsa-user-key WORD<1–15>] [secure] [timeout <1-120>] [version v2only] [x509v3-auth enable] [x509v3-auth revocation-check-method none] [x509v3-auth revocation-check-method ocsp] [x509v3-auth username overwrite] [x509v3-auth username strip-domain] [x509v3-auth username use-domain WORD<1-254>]
rwa for read-write-all
rw for read-write
ro for read-only
rwl3 for read-write for Layer 3
rwl2 for read-write for Layer 2
rwl1 for Layer 1
Enables Secure Shell (SSH) in secure mode and immediately disables non-secure access services.
After ssh secure is enabled, you can choose to enable individual non-secure protocols. However, after you save the configuration and restart the system, the non-secure protocol is again disabled, even though it is shown as enabled in the configuration file.
After you enable ssh secure, you cannot enable non-secure protocols by disabling ssh secure.
The default is disabled.
Global Configuration
Switch side encryption and authentication type must be configured to the AES-GCM-128/256 methods and needs at least one hmac method in the authentication list for the connection with Open SSH to work.