Preface
- Text Conventions
- Platform-Dependent Conventions
- Providing Feedback to Us
- Getting Help
- Documentation and Training
About this Guide
- Notational Conventions
Introduction
- WiNG 7.1.X Operating System Overview
- CLI Overview
User Exec Mode Commands
- user-exec-commands
  - captive-portal-page-upload
  - change-password
  - clear
  - clock
  - cluster
  - commit
  - connect
  - crypto
  - create-cluster
  - crypto-cmp-cert-update
  - database
  - database-backup
  - database-restore
  - device-upgrade
  - enable
  - file-sync
  - help
  - join-cluster
  - l2tpv3
  - logging
  - mint
  - no
  - on
  - opendns
  - page
  - ping
  - ping6
  - ssh
  - telnet
  - terminal
  - time-it
  - traceroute
  - traceroute6
  - virtual-machine
  - watch
  - exit
Privileged Exec Mode Commands
- privileged-exec-commands
  - archive
  - boot
  - cd
  - configure
  - copy
  - cpe
  - delete
  - diff
  - dir
  - disable
  - edit
  - erase
  - ex3500
  - factory-reset
  - halt
  - mkdir
  - more
  - operational-mode
  - pwd
  - re-elect
  - reload
  - rename
  - rmdir
  - self
  - t5
  - upgrade
  - upgrade-abort
  - raid
  - no
Global Configuration Commands
- global-config-commands
Common Commands
- common-commands
  - clrscr
  - commit
  - exit
  - help
  - no
  - revert
  - service
  - show
  - write
Show Commands
- show-commands
  - show
  - adoption
  - bluetooth
  - boot
  - bonjour
  - captive-portal
  - captive-portal-page-upload (show commands)
  - cdp
  - classify-url
  - clock
  - cluster
  - cmp-factory-certs
  - commands
  - context
  - critical-resources
  - crypto
  - database
  - device-upgrade
  - dot1x
  - dpi
  - environmental-sensor
  - event-history
  - event-system-policy
  - ex3500
  - extdev
  - fabric-attach
  - file
  - file-sync
  - firewall
  - global
  - gps (show command)
  - gre
  - guest-registration
  - interface
  - iot-device-type-imagotag
  - ip
  - ip-access-list-stats
  - ipv6
  - ipv6-access-list
  - l2tpv3
  - lacp
  - ldap-agent
  - licenses
  - lldp
  - logging
  - mac-access-list-stats
  - mac-address-table
  - macauth
  - mac-auth-clients
  - mint
  - ntp
  - password-encryption
  - pppoe-client
  - privilege
  - radius
  - reload
  - rf-domain-manager
  - role
  - route-maps
  - rtls
  - running-config
  - session-changes
  - session-config
  - sessions
  - site-config-diff
  - smart-rf
  - snmpv3 (show command)
  - spanning-tree
  - startup-config
  - t5
  - terminal
  - timezone
  - traffic-shape
  - tron (show command)
  - upgrade-status
  - version
  - vrrp
  - virtual-machine
  - wireless
  - web-filter
  - what
  - wwan
Profiles
- Profile Config Commands
- Device Config Commands
  - adoption-site
  - area
  - channel-list
  - contact
  - country-code
  - floor
  - geo-coordinates
  - hostname
  - lacp
  - layout-coordinates
  - license
  - location
  - location-server
  - location-tenantid
  - mac-name
  - no
  - nsight
  - override-wlan
  - remove-override
  - rsa-key
  - sensor-server
  - timezone
  - trustpoint (device-config-mode)
  - raid
AAA Policy
- aaa-policy-commands
Auto-Provisioning Policy
- auto-provisioning-policy-commands
  - adopt
  - auto-create-rfd-template
  - default-adoption
  - deny
  - evaluate-always
  - redirect
  - upgrade
  - no
    - upgrade
Association-ACL Policy
- Association-acl-policy-commands
  - deny
  - permit
  - no
Access-List Policy
- ip-access-list
- mac-access-list
- ipv6-access-list
- ip-snmp-access-list
- ex3500-ext-access-list
- ex3500-std-access-list
DHCP-Server Policy
- dhcp-server-policy commands
- dhcpv6-server-policy commands
Firewall Policy
- firewall-policy-commands
  - acl-logging
  - alg
  - clamp
  - dhcp-offer-convert
  - dns-snoop
  - firewall
  - flow
  - ip
  - ip-mac
  - ipv6
  - ipv6-mac
  - logging
  - proxy-arp
  - proxy-nd
  - stateful-packet-inspection-12
  - storm-control
  - virtual-defragmentation
  - no
MiNT Policy
- mint-policy-commands
  - level
  - lsp
  - mtu
  - router
  - udp
  - no
Management Policy
- management-policy-commands
RADIUS Policy
- radius-group
  - guest
  - policy
  - rate-limit
  - no
- radius-server-policy
  - authentication
  - bypass
  - chase-referral
  - crl-check
  - ldap-agent
  - ldap-group-verification
  - ldap-server
  - local
  - nas
  - proxy
  - session-resumption
  - termination
  - use
  - no
- radius-user-pool-policy
  - duration
  - user
  - no
Radio-QoS Policy
- radio-qos-policy-commands
Role Policy
- role-policy-commands
SMART-RF Policy
- smart-rf-policy commands
WIPS Policy
- wips-policy-commands
WLAN-QoS Policy
- WLAN-QOS-Policy commands
L2TPv3 Policy
- l2tpv3-policy-commands
- l2tpv3-tunnel-commands
- l2tpv3-manual-session-commands
Router Mode
- router-mode-commands
Routing Policy
- routing-policy-commands
AAA-TACACS Policy
- aaa-tacacs-policy-commands
Meshpoint Policy
- meshpoint-config-instance
- meshpoint-qos-policy-config-instance
- meshpoint-device-config-instance
Passpoint Policy
- passpoint-policy
Crypto-CMP Policy
- crypto-cmp-policy-instance
- other-cmp-related-commands
  - use (other-cmp-related-commands)
  - show (other-cmp-related-commands)
Roaming Assist Policy
- roaming-assist-policy commands
Border Gateway Protocol
- bgp ip-prefix-list
- bgp ip-access-list
- bgp as-path-list
- bgp community-list
- bop ext-community-list
- bgp route-map
- bgp router-config
- bgp neighbor-config
Controller Managed WLAN Use Case
- CREATING A FIRST CONTROLLER MANAGED WLAN
AP Dual Modes of Operation
- Understanding Dual Mode Capability
AP5XX REV AA Upgrade Procedure
- Introduction
- Bulk 'Rev: AA' AP505/AP510 Upgrade through Virtual Controller
- Bulk 'Rev:AA' AP5XX Upgrade through WiNG Controller/ExtremeCloud Appliance

ssh

Configures the SSH server settings used to authenticate SSH connection to a EX3500 switch

Management access to an EX3500 switch can be enabled/disabled as required using separate interfaces and protocols (HTTP, SSH). Disabling unused and insecure interfaces and unused management services can dramatically reduce an attack footprint and free resources within an EX3500 management policy.

Supported in the following platforms:

Service Platforms — NX 95XX, NX 96XX, NX 7510

Syntax

ssh [authentication-retries <1-5>|server|server-key size <512-1024>|timeout <1-120>]

Parameters

ssh [authentication-retries <1-5>|server|server-key size <512-1024>|timeout <1-120>]

ssh	Enables SSH management access to an EX3500 switch. This option is disabled by default. Use this command to configure SSH access settings.
authentication-retries <1-5>	Configures the maximum number of retries made to connect to the SSH server resource <1-5> – Specify a value from 1 - 5. The default setting is 3.
server	Enables SSH server connection
server-key size <512-1024>	Configures the SSH server key size <512-1024> – Specify the SSH server key from 512 - 1,024. The default length is 768.
timeout <1-120>	Configures the SSH server resource inactivity timeout value in seconds. When the specified time is exceeded, the SSH server resource becomes unreachable and must be re-authenticated. <1-120> – Specify a value from 1 120 seconds. The default is 120 seconds.

Examples

nx9500-6C8809(config-ex3500-management-policy-test)#ssh authentication-retries 4

nx9500-6C8809(config-ex3500-management-policy-test)#ssh timeout 90

nx9500-6C8809(config-ex3500-management-policy-test)#ssh server-key size 600

nx9500-6C8809(config-ex3500-management-policy-test)#ssh server

nx9500-6C8809(config-ex3500-management-policy-test)#show context
ex3500-management-policy test
 ssh server
 ssh authentication-retries 4
 ssh timeout 90
 ssh server-key size 600
 http secure-server
 enable password level 3 7 12345678901020304050607080929291
 snmp-server enable traps authentication
 --More--
nx9500-6C8809(config-ex3500-management-policy-test)#

Related Commands

no (ex3500-management-policy-config-mode)

Disables SSH management access to an EX3500 switch

Published July 2019prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback