configure ssh2 secure-mode
Description
This command (secure-mode on) disables the weak ciphers and macs in SSH server and client.
Syntax Description
on | Enable all supported algorithms. |
off | Enable only compliance algorithms. |
Default
Off.
Usage Guidelines
After enabling secure-mode:
- For communication, SSH server uses a new secure-mode list made each for ciphers and macs.
- For SSH client, EPM is notified to change the bit dedicated to SSH secure-mode, which hides the weak ciphers and macs from SSH client CLI commands.
Example
configure ssh2 secure-mode on show management CLI idle timeout : Disabled CLI max number of login attempts : 3 CLI max number of sessions : 8 CLI paging : Enabled (this session only) CLI space-completion : Disabled (this session only) CLI configuration logging : Enabled CLI password prompting only : Disabled CLI RADIUS cmd authorize tokens : 2 CLI scripting : Disabled (this session only) CLI scripting error mode : Ignore-Error (this session only) CLI persistent mode : Persistent (this session only) CLI prompting : Enabled (this session only) CLI screen size : 24 Lines 80 Columns (this session only) CLI refresh : Enabled Telnet access : Enabled (tcp port 23 vr all) : Access Profile : not set SSH access : Enabled (Key valid, tcp port 22 vr all) : Secure-Mode : On : Access Profile : not set SSH2 idle time : 60 minutes Web access : Enabled (tcp port 80) : Access Profile : not set Total Read Only Communities : 1 Total Read Write Communities : 1 RMON : Disabled SNMP access : Enabled : Access Profile : not set SNMP Notifications : Enabled SNMP Notification Receivers : None SNMP stats: InPkts 0 OutPkts 0 Errors 0 AuthErrors 0 Gets 0 GetNexts 0 Sets 0 Drops 0 SNMP traps: Sent 0 AuthTraps Enabled SNMP inform: Sent 0 Retries 0 Failed 0
History
This command was first available in ExtremeXOS 16.2.
Platform Availability
This command is available on all platforms.