show ssh2

Description

Shows all SSHv2 configuration information, including the enabled ciphers and MACs and the minimum supported Diffie-Hellman group.

Syntax Description

This command has no arguments or variables.

Default

N/A.

Example

The following example shows all SSHv2 configuration information:

SSH module configuration details:
SSH Access            : Disabled
Key validity          : Invalid
Key type              : RSA 2048
TCP port              : 22
VR                    : all
Access profile        : not set
Secure Mode           : Off
Diffie-Hellman Groups : 18 (8192 bits)
Max Auth Tries        : 3
Idle time             : 60 minutes
Rekey Interval        : 4096 MB and no time limit
Ciphers               : aes128-cbc, 3des-cbc, aes192-cbc, aes256-cbc, rijndael-cbc@lysator.liu.se, aes128-ctr, aes192-ctr, aes256-ctr, chacha20-poly1305@openssh.com
Macs                  : hmac-md5-etm@openssh.com, hmac-sha1-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-96-etm@openssh.com, hmac-md5-96-etm@openssh.com, hmac-md5, hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-sha1-96, hmac-md5-96
Public key algorithms : ssh-rsa, ssh-dss, x509v3-sign-rsa, x509v3-sign-dss
Login grace timeout   : 100 seconds

The following example output includes the x509v3 OCSP attributes (lines 18-22):

# show ssh2
SSH module configuration details:
SSH Access            : Disabled
Key validity          : Invalid
Key type              : none
TCP port              : 22
VR                    : all
Access profile        : not set
Secure Mode           : Off
Diffie-Hellman Groups : 14 (2048 bits), 16 (4096 bits), 18 (8192 bits)
Max Auth Tries        : 3
Idle time             : 60 minutes
Rekey Interval        : 4096 MB and no time limit
Ciphers               : chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr
Macs                  : hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
Public key algorithms : ssh-rsa, x509v3-sign-rsa, x509v3-sign-dss
Login grace timeout   : 120 seconds
X509v3 OCSP Attributes:
  OCSP                : On
  Nonce               : On
  Signer ocsp-nocheck : On
  Override Server URL : http://sshocsp:2023

The following example output includes the x509v3 RADIUS Authentication settings (lines 18-22):

# show ssh2
SSH module configuration details:
SSH Access                   : Enabled
Key validity                 : Valid
Key type                     : RSA 2048
TCP port                     : 22
VR                           : all
Access profile               : not set
Secure Mode                  : Off
Diffie-Hellman Groups        : 14 (2048 bits), 16 (4096 bits), 18 (8192 bits)
Max Auth Tries               : 3
Idle time                    : 60 minutes
Rekey Interval               : 4096 MB and no time limit
Ciphers                      : chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr
Macs                         : hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
Public key algorithms        : ssh-rsa, x509v3-sign-rsa, x509v3-sign-dss
Login grace timeout          : 120 seconds
X509v3 RADIUS Authentication :
    Password authentication  : On
    Username overwrite       : On
    Username strip domain    : On
    Username use domain      : abcdef.com

History

This command was first available in ExtremeXOS 22.1.

Information about rekey interval and public key algorithms was first available in ExtremeXOS 22.3.

Information about key type was added in ExtremeXOS 22.5.

Information about the login grace timeout period was added in ExtremeXOS 30.7.

x509v3 OCSP attributes and RADIUS Authentication were added in ExtremeXOS 32.2.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, and X695 series switches.