Shows all SSHv2 configuration information, including the ciphers/MACs that are enabled, and Diffie-Hellman minimal supported group.
This command has no arguments or variables.
N/A.
The following example shows all SSHv2 configuration information:
SSH module configuration details: SSH Access : Disabled Key validity : Invalid Key type : RSA 2048 TCP port : 22 VR : all Access profile : not set Secure Mode : Off Diffie-Hellman Groups : 18 (8192 bits) Max Auth Tries : 3 Idle time : 60 minutes Rekey Interval : 4096 MB and no time limit Ciphers : aes128-cbc, 3des-cbc, aes192-cbc, aes256-cbc, rijndael-cbc@lysator.liu.se, aes128-ctr, aes192-ctr, aes256-ctr, chacha20-poly1305@openssh.com Macs : hmac-md5-etm@openssh.com, hmac-sha1-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-96-etm@openssh.com, hmac-md5-96-etm@openssh.com, hmac-md5, hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-sha1-96, hmac-md5-96 Public key algorithms : ssh-rsa, ssh-dss, x509v3-sign-rsa, x509v3-sign-dss Login grace timeout : 100 seconds
The following command displays x509v3 OCSP attributes (lines 18-22):
# show ssh2 SSH module configuration details: SSH Access : Disabled Key validity : Invalid Key type : none TCP port : 22 VR : all Access profile : not set Secure Mode : Off Diffie-Hellman Groups : 14 (2048 bits), 16 (4096 bits), 18 (8192 bits) Max Auth Tries : 3 Idle time : 60 minutes Rekey Interval : 4096 MB and no time limit Ciphers : chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr Macs : hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1 Public key algorithms : ssh-rsa, x509v3-sign-rsa, x509v3-sign-dss Login grace timeout : 120 seconds X509v3 OCSP Attributes: OCSP : On Nonce : On Signer ocsp-nocheck : On Override Server URL : http://sshocsp:2023
The following command displays x509v3 RADIUS Authentication (lines 18-22):
# show ssh2 SSH module configuration details: SSH Access : Enabled Key validity : Valid Key type : RSA 2048 TCP port : 22 VR : all Access profile : not set Secure Mode : Off Diffie-Hellman Groups : 14 (2048 bits), 16 (4096 bits), 18 (8192 bits) Max Auth Tries : 3 Idle time : 60 minutes Rekey Interval : 4096 MB and no time limit Ciphers : chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr Macs : hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1 Public key algorithms : ssh-rsa, x509v3-sign-rsa, x509v3-sign-dss Login grace timeout : 120 seconds X509v3 RADIUS Authentication : Password authentication : On Username overwrite : On Username strip domain : On Username use domain : abcdef.com
The following command displays key algorithms (lines 6-8):
# show ssh2 SSH module configuration details: SSH Access : Enabled Key validity : Valid Key type : RSA 2048 Key algorithm : Current : rsa-sha2-256 Configured : rsa-sha2-256 TCP port : 22 VR : all Access profile : not set Secure Mode : Off Diffie-Hellman Groups : 14 (2048 bits), 16 (4096 bits), 18 (8192 bits) Max Auth Tries : 3 Idle time : 60 minutes Rekey Interval : 4096 MB and no time limit Ciphers : chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr Macs : hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1 Public key algorithms : ssh-rsa, x509v3-sign-rsa, x509v3-sign-dss Login grace timeout : 120 seconds X509v3 RADIUS Authentication : Password authentication : Off Username overwrite : Off Username strip domain : Off Username use domain : None X509v3 OCSP Attributes: OCSP : On Nonce : Off Signer ocsp-nocheck : Off Override Server URL : None
This command was first available in ExtremeXOS 22.1.
Information about rekey interval and public key algorithms was first available in ExtremeXOS 22.3.
Information about key type was added in ExtremeXOS 22.5.
Information about the login grace timeout period was added in ExtremeXOS 30.7.
x509v3 OCSP attributes and RADIUS Authentication were added in ExtremeXOS 32.2.
Information about the key algorithm was added in version 32.5.
This command is available on all Universal switches supported in this document.