Verify that Secure Shell (SSH) services are enabled on the switch and display SSH information to ensure that the SSH parameters are properly configured.
show ssh <global | session>
None
User EXEC
The show ssh global command displays the following information:
| Output field | Description |
|---|---|
| Total active sessions | Displays the number of active SSH sessions underway. |
| version | Displays if SSH is version 1 or version 2. The default is v2. As a best practice, configure the version to v2 only. |
| port | Displays the SSH connection port. The default is 22. You cannot configure the following TCP ports as SSH connection ports: 0 to 1024 (except port 22), 1100, 4095, 5000, 5111, 6000, or 999. |
| max-sessions | Displays the maximum number of SSH sessions allowed. |
| timeout | Displays the SSH connection authentication timeout in seconds. |
| action rsa-keygen | Displays the SSH RSA key size. |
| action dsa-keygen | Displays the SSH DSA key size. |
| rsa-auth | Displays if RSA authentication is enabled or disabled. |
| dsa-auth | Displays if DSA authentication is enabled or disabled. |
| pass-auth | Displays if password authentication is enabled or disabled. |
| keyboard-interactive-auth | Displays if the SSH server authentication mode is keyboard-interactive. |
| x509-auth | Displays if X.509 V3 authentication is enabled. |
| x509-auth Trustpoint CA Name | Displays the X.509 V3 CA trustpoint name. |
| x509-auth Identity Subject Name | Displays the digital certificate subject name to be used as the identity certificate. |
| x509-auth overwrite | Displays if the switch sends the principal name and domain name from the certificate to the RADIUS server for authorization. |
| x509-auth strip-domain | Displays if the switch sends the principal name from the certificate without the domain name to the RADIUS server for authorization. |
| x509-auth use-domain | Displays if the switch sends the principal name from the certificate, with the domain name you entered to the RADIUS server for authorization. |
| x509-auth revocation-check-method | Displays the X.509 V3 authentication revocation check method. The |
| sftp enable | Displays if Secure FTP (SFTP) is enabled. |
| client enable | Displays if the SSH client is enabled. |
| enable | Displays if SSH secure mode is enabled. False is disabled. Secure is enabled. |
| authentication-type | Displays the types of authentication configured. |
| encryption-type | Displays the types of encryption configured. |
| key-exchange-method | Displays the algorithms configured for key exchange. |
The following example displays global SSH information:
```
Switch:1(config)#show ssh global
Total Active Sessions : 1
version : v2only
port : 22
max-sessions : 4
timeout : 60
action rsa-host key : rsa-hostkeysize 2048
action dsa-host key : dsa-hostkeysize 1024
rsa-auth : true
dsa-auth : true
pass-auth : true
keyboard-interactive-auth : false
x509-auth : true
x509-auth Trustpoint CA Name :
x509-auth Identity Subject Name : not configured
x509-auth overwrite : false
x509-auth strip-domain : false
x509-auth use-domain : -
x509-auth revocation-check-method : OCSP
sftp enable : true
client enable : true
enable : true
authentication-type : aead-aes-128-gcm-ssh aead-aes-256-gcm-ssh hmac-sha1 hmac-sha2-256
encryption-type : 3des-cbc aead-aes-128-gcm-ssh aead-aes-256-gcm-ssh aes128-cbc aes128-ctr
aes192-cbc aes192-ctr aes256-cbc aes256-ctr blowfish-cbc rijndael128-cbc
rijndael192-cbc
key-exchange-method : diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha1
diffie-hellman-group14-sha256 diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
```
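The following is an added example, not part of the vendor documentation: a Python script that parses captured `show ssh global` output, folds the wrapped algorithm lists back into their fields, and reports settings to review. The v2-only check follows the best practice stated in the table; treating DSA authentication, CBC-mode ciphers and SHA-1 based algorithms as legacy is an assumed policy, the function names are hypothetical, and the sample input is constructed from the example output above.

```python
import re

# Constructed input, abbreviated from the page's example output (wrapped lines kept).
SAMPLE = """\
Switch:1(config)#show ssh global
version : v2only
dsa-auth : true
x509-auth Trustpoint CA Name :
authentication-type : aead-aes-128-gcm-ssh hmac-sha1 hmac-sha2-256
encryption-type : 3des-cbc aead-aes-128-gcm-ssh aes128-cbc aes128-ctr
aes256-ctr blowfish-cbc
key-exchange-method : diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
"""

# "<field> : <value>"; the value may be empty, as for an unset trustpoint name.
FIELD = re.compile(r"^(.+?)\s+:(?:\s+(.*))?$")

# Assumed policy (not from the vendor page): CBC-mode ciphers and
# SHA-1 based MAC/KEX algorithms are treated as legacy.
LEGACY = {
    "encryption-type": lambda a: a.endswith("-cbc"),
    "authentication-type": lambda a: a.endswith("sha1"),
    "key-exchange-method": lambda a: a.endswith("sha1"),
}

def parse_show_ssh_global(text):
    """Map each output field to its value, folding wrapped lines back in."""
    fields, last = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields[last] = m.group(2) or ""
        elif line and last:
            fields[last] = (fields[last] + " " + line).strip()
    return fields

def audit(fields):
    """Return (field, detail) findings for a hardening review."""
    findings = []
    if fields.get("version") != "v2only":
        findings.append(("version", "not restricted to SSHv2"))
    if fields.get("dsa-auth") == "true":
        findings.append(("dsa-auth", "DSA authentication enabled"))
    for field, is_legacy in LEGACY.items():
        for alg in fields.get(field, "").split():
            if is_legacy(alg):
                findings.append((field, alg))
    return findings
```

Calling `audit(parse_show_ssh_global(captured_text))` on saved CLI output returns the list of findings; an empty list means nothing matched the assumed policy.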