Modify Secure Shell (SSH) configuration parameters to support public and private key encryption connections.
default ssh [dsa-auth] [max-sessions] [pass-auth] [port] [rekey data-limit] [rekey enable] [rekey time-interval] [rsa-auth] [secure] [timeout] [version] [x509v3-auth enable] [x509v3-auth revocation-check-method] [x509v3-auth username overwrite] [x509v3-auth username strip-domain] [x509v3-auth username use-domain]
no ssh [authentication-type] [authentication-type aead-aes-128-gcm-ssh] [authentication-type aead-aes-256-gcm-ssh] [authentication-type hmac-sha1] [authentication-type hmac-sha2-256] [dsa-auth] [dsa-host-key] [dsa-user-key WORD<1-15>] [encryption-type] [encryption-type 3des-cbc] [encryption-type aead-aes-128-gcm-ssh] [encryption-type aead-aes-256-gcm-ssh] [encryption-type aes128-cbc] [encryption-type aes128-ctr] [encryption-type aes192-cbc] [encryption-type aes192-ctr] [encryption-type aes256-cbc] [encryption-type aes256-ctr] [encryption-type blowfish-cbc] [encryption-type rijndael128-cbc] [encryption-type rijndael192-cbc] [key-exchange-method] [key-exchange-method diffie-hellman-group14-sha1] [key-exchange-method diffie-hellman-group1-sha1] [pass-auth] [rekey enable] [rsa-auth] [rsa-host-key] [rsa-user-key WORD<1–15>] [secure] [x509v3-auth enable] [x509v3-auth username overwrite] [x509v3-auth username strip-domain] [x509v3-auth username use-domain]
ssh [authentication-type aead-aes-128-gcm-ssh] [authentication-type aead-aes-256-gcm-ssh] [authentication-type hmac-sha1] [authentication-type hmac-sha2-256] [dsa-auth] [dsa-host-key] [dsa-host-key <1024-1024>] [dsa-user-key WORD<1-15>] [dsa-user-key WORD<1-15> size <1024-1024>] [encryption-type 3des-cbc] [encryption-type aead-aes-128-gcm-ssh] [encryption-type aead-aes-256-gcm-ssh] [encryption-type aes128-cbc] [encryption-type aes128-ctr] [encryption-type aes192-cbc] [encryption-type aes192-ctr] [encryption-type aes256-cbc] [encryption-type aes256-ctr] [encryption-type blowfish-cbc] [encryption-type rijndael128-cbc] [encryption-type rijndael192-cbc] [key-exchange-method diffie-hellman-group14-sha1] [key-exchange-method diffie-hellman-group1-sha1] [max-sessions <0-8>] [pass-auth] [port <22, 1024..49151>] [rekey data-limit <1-6>] [rekey enable] [rekey time-interval <1-6>] [rsa-auth] [rsa-host-key] [rsa-host-key <1024-2048>] [rsa-user-key WORD<1–15>] [secure] [timeout <1-120>] [version v2only] [x509v3-auth enable] [x509v3-auth revocation-check-method none] [x509v3-auth revocation-check-method ocsp] [x509v3-auth username overwrite] [x509v3-auth username strip-domain] [x509v3-auth username use-domain WORD<1-254>]
rwa for read-write-all
rw for read-write
ro for read-only
rwl3 for read-write for Layer 3
rwl2 for read-write for Layer 2
rwl1 for Layer 1
Enables Secure Shell (SSH) in secure mode and immediately disables the access services SNMP, FTP, TFTP, rlogin, and Telnet.
Note
rlogin is only supported on VSP 8600 Series.
After ssh secure is enabled, you can choose to enable individual non-secure protocols. However, after you save the configuration and restart the system, the non-secure protocol is again disabled, even though it is shown as enabled in the configuration file.
After you enable ssh secure, you cannot enable non-secure protocols by disabling ssh secure.
The default is disabled.
Global Configuration
x509v3-auth is available for demonstration purposes on some products. For more information, see VOSS User Guide.