configure ssh2 secure-mode
Description
This command (secure-mode on) disables the weak ciphers and macs in SSH server and client.
Syntax Description
| on | Enable all supported algorithms. |
| off | Enable only compliance algorithms. |
Default
Off.
Usage Guidelines
After enabling secure-mode:
- For communication, SSH server uses a new secure-mode list made each for ciphers and macs.
- For SSH client, EPM is notified to change the bit dedicated to SSH secure-mode, which hides the weak ciphers and macs from SSH client CLI commands.
Example
configure ssh2 secure-mode on
show management
CLI idle timeout : Disabled
CLI max number of login attempts : 3
CLI max number of sessions : 8
CLI paging : Enabled (this session only)
CLI space-completion : Disabled (this session only)
CLI configuration logging : Enabled
CLI password prompting only : Disabled
CLI RADIUS cmd authorize tokens : 2
CLI scripting : Disabled (this session only)
CLI scripting error mode : Ignore-Error (this session only)
CLI persistent mode : Persistent (this session only)
CLI prompting : Enabled (this session only)
CLI screen size : 24 Lines 80 Columns (this session only)
CLI refresh : Enabled
Telnet access : Enabled (tcp port 23 vr all)
: Access Profile : not set
SSH access : Enabled (Key valid, tcp port 22 vr all)
: Secure-Mode : On
: Access Profile : not set
SSH2 idle time : 60 minutes
Web access : Enabled (tcp port 80)
: Access Profile : not set
Total Read Only Communities : 1
Total Read Write Communities : 1
RMON : Disabled
SNMP access : Enabled
: Access Profile : not set
SNMP Notifications : Enabled
SNMP Notification Receivers : None
SNMP stats: InPkts 0 OutPkts 0 Errors 0 AuthErrors 0
Gets 0 GetNexts 0 Sets 0 Drops 0
SNMP traps: Sent 0 AuthTraps Enabled
SNMP inform: Sent 0 Retries 0 Failed 0
History
This command was first available in ExtremeXOS 16.2.
Platform Availability
This command is available on all platforms.