configure ssh2 secure-mode

configure ssh2 secure-mode [on | off]

Description

This command (secure-mode on) disables the weak ciphers and macs in SSH server and client.

Syntax Description

on	Enable all supported algorithms.
off	Enable only compliance algorithms.

Default

Off.

Usage Guidelines

After enabling secure-mode:

For communication, SSH server uses a new secure-mode list made each for ciphers and macs.
For SSH client, EPM is notified to change the bit dedicated to SSH secure-mode, which hides the weak ciphers and macs from SSH client CLI commands.

Example

configure ssh2 secure-mode on 

show management
CLI idle timeout                 : Disabled
CLI max number of login attempts : 3
CLI max number of sessions       : 8
CLI paging                       : Enabled (this session only)
CLI space-completion             : Disabled (this session only)
CLI configuration logging        : Enabled
CLI password prompting only      : Disabled
CLI RADIUS cmd authorize tokens  : 2
CLI scripting                    : Disabled (this session only)
CLI scripting error mode         : Ignore-Error (this session only)
CLI persistent mode              : Persistent (this session only)
CLI prompting                    : Enabled (this session only)
CLI screen size                  : 24 Lines 80 Columns (this session only)
CLI refresh                      : Enabled
Telnet access                    : Enabled (tcp port 23 vr all)
                                 : Access Profile : not set
SSH access                       : Enabled (Key valid, tcp port 22 vr all)
                                 : Secure-Mode    : On
                                 : Access Profile : not set
SSH2 idle time                   : 60 minutes
Web access                       : Enabled (tcp port 80)
                                 : Access Profile : not set
Total Read Only Communities      : 1
Total Read Write Communities     : 1
RMON                             : Disabled
SNMP access                      : Enabled
                                 : Access Profile : not set
SNMP Compatibility Options       :
    GETBULK Reply Too Big Action : Too Big Error
    IP Fragmentation             : Disallow
SNMP Notifications               : Enabled
SNMP Notification Receivers  : None
SNMP stats:     InPkts 0       OutPkts   0       Errors 0       AuthErrors 0               
                Gets   0       GetNexts  0       Sets   0       Drops      0
SNMP traps:     Sent   0       AuthTraps Enabled
SNMP inform:    Sent   0       Retries   0       Failed 0

History

This command was first available in ExtremeXOS 21.1.

Platform Availability

This command is available on all platforms.

Published November 2016prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback

Switching

Routing

Wireless

Management & Automation

Analytics & Visibility

Security & Access Control

Remote

Cloud

Security

Machine Learning

Campus Fabric

Data Center Fabric

Internet of Things

Wi-Fi 6

Primary & Secondary Education (K-12)

Retail

Service Providers

Federal Government

Manufacturing

Higher Education

Healthcare

Hospitality

State & Local Government

Sports & Public Venues

Support Portal

Knowledge Base

Documentation

End of Sale

Policies & Warranties

Training & Courses

Maintenance Services

Premier Services

Professional Services

Managed Services