configure ssh2 secure-mode

Add the following command to the ExtremeXOS 16.2 Command Reference Guide
configure ssh2 secure-mode [on | off]


This command (secure-mode on) disables the weak ciphers and macs in SSH server and client.

Syntax Description

on Enable all supported algorithms.
off Enable only compliance algorithms.



Usage Guidelines

After enabling secure-mode:
  • For communication, SSH server uses a new secure-mode list made each for ciphers and macs.
  • For SSH client, EPM is notified to change the bit dedicated to SSH secure-mode, which hides the weak ciphers and macs from SSH client CLI commands.


configure ssh2 secure-mode on 

show management
CLI idle timeout                 : Disabled
CLI max number of login attempts : 3
CLI max number of sessions       : 8
CLI paging                       : Enabled (this session only)
CLI space-completion             : Disabled (this session only)
CLI configuration logging        : Enabled
CLI password prompting only      : Disabled
CLI RADIUS cmd authorize tokens  : 2
CLI scripting                    : Disabled (this session only)
CLI scripting error mode         : Ignore-Error (this session only)
CLI persistent mode              : Persistent (this session only)
CLI prompting                    : Enabled (this session only)
CLI screen size                  : 24 Lines 80 Columns (this session only)
CLI refresh                      : Enabled
Telnet access                    : Enabled (tcp port 23 vr all)
                                 : Access Profile : not set
SSH access                       : Enabled (Key valid, tcp port 22 vr all)
                                 : Secure-Mode    : On
                                 : Access Profile : not set
SSH2 idle time                   : 60 minutes
Web access                       : Enabled (tcp port 80)
                                 : Access Profile : not set
Total Read Only Communities      : 1
Total Read Write Communities     : 1
RMON                             : Disabled
SNMP access                      : Enabled
                                 : Access Profile : not set
SNMP Notifications               : Enabled
SNMP Notification Receivers  : None
SNMP stats:     InPkts 0       OutPkts   0       Errors 0       AuthErrors 0               
                Gets   0       GetNexts  0       Sets   0       Drops      0
SNMP traps:     Sent   0       AuthTraps Enabled
SNMP inform:    Sent   0       Retries   0       Failed 0


This command was first available in ExtremeXOS 16.2.

Platform Availability

This command is available on all platforms.