configure ssh2 secure-mode

configure ssh2 secure-mode [on | off]

Description

This command (secure-mode on) disables the weak ciphers and macs in SSH server and client.

Syntax Description

on Enable all supported algorithms.
off Enable only compliance algorithms.

Default

Off.

Usage Guidelines

After enabling secure-mode:
  • For communication, SSH server uses a new secure-mode list made each for ciphers and macs.
  • For SSH client, EPM is notified to change the bit dedicated to SSH secure-mode, which hides the weak ciphers and macs from SSH client CLI commands.

Example

configure ssh2 secure-mode on 

show management
CLI idle timeout                 : Disabled
CLI max number of login attempts : 3
CLI max number of sessions       : 8
CLI paging                       : Enabled (this session only)
CLI space-completion             : Disabled (this session only)
CLI configuration logging        : Enabled
CLI password prompting only      : Disabled
CLI RADIUS cmd authorize tokens  : 2
CLI scripting                    : Disabled (this session only)
CLI scripting error mode         : Ignore-Error (this session only)
CLI persistent mode              : Persistent (this session only)
CLI prompting                    : Enabled (this session only)
CLI screen size                  : 24 Lines 80 Columns (this session only)
CLI refresh                      : Enabled
Telnet access                    : Enabled (tcp port 23 vr all)
                                 : Access Profile : not set
SSH access                       : Enabled (Key valid, tcp port 22 vr all)
                                 : Secure-Mode    : On
                                 : Access Profile : not set
SSH2 idle time                   : 60 minutes
Web access                       : Enabled (tcp port 80)
                                 : Access Profile : not set
Total Read Only Communities      : 1
Total Read Write Communities     : 1
RMON                             : Disabled
SNMP access                      : Enabled
                                 : Access Profile : not set
SNMP Notifications               : Enabled
SNMP Notification Receivers  : None
SNMP stats:     InPkts 0       OutPkts   0       Errors 0       AuthErrors 0               
                Gets   0       GetNexts  0       Sets   0       Drops      0
SNMP traps:     Sent   0       AuthTraps Enabled
SNMP inform:    Sent   0       Retries   0       Failed 0

History

This command was first available in ExtremeXOS 21.1.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X590, X620, X690, X870 series switches.