View the SSH configuration on the Sun Secure Application Switch.
The Sun Secure Application Switch implements Secure Shell (SSH) Version 2 for secure client/server communications. SSH provides secure remote logins and file transfers using encryption and public-key authentication. As part of establishing a secure connection, SSH uses a key pair retrieved from the Certificate and Key Manager (CKM) utility.
Once you establish an SSH session, you can transfer files with Secure Shell File Transfer Protocol (SFTP). SFTP provides more secure transfers than the original FTP, and uses a simple interface similar to FTP or Windows environments. SSH includes counters that detail the SFTP activity taking place over a connection.
exec
show switchServices sshd
Heading | Description | Filter |
---|---|---|
Admin State | The administrative state of the SSH server. Valid values: | adminState enumeration |
Oper State | The active, running state of the SSH session. Valid values: | operationalState enumeration |
Server Key ID | The SSH server's DSA key ID. It indicates an index field within the Certificate and Key Manager entity to a DSA key. This key ID must be present for the server to operate. The key ID is generated using the Sun Secure Application Switch CKM utility. | serverKeyId text |
Server Key State | The status of the operational server key used to establish SSH sessions. Valid values: | ServerKeyState enumeration |
Key Diag Info | The diagnostic info available for server key load errors. | operKeyDiagInfo text |
Idle Timeout | The maximum number of seconds a session can remain idle before it is terminated. Use 0 to disable timeout (allow the session to remain live regardless of the duration of inactivity). Valid values are from 0 to 86400. | idleTimeout integer |
Authentication Banner | A text message sent to the SSH client during authentication. Enter between 0 and 255 alphanumeric characters. | authenticationBanner text |
Encryption Algorithms | The encryption method(s) used. Valid values: | confEncryption enumeration |
HMAC Algorithms | The Hash Message Authentication Code (HMAC) method. Enter the list of allowable HMAC algorithms. HMAC is a type of checksum to help verify data integrity. Valid values: | confHmac enumeration |
User Authentication Methods | The user authentication method. Enter the list of accepted user authentication methods. Valid values: | userAuthentication enumeration |
Host Authentication List | The list of allowable and prohibited clients, by IP address. Enter a comma-separated list of client addresses. These are the addresses that you want to explicitly permit or deny. The following special characters are accepted: !: the NOT character, to deny an address. ~: a wildcard that replaces multiple characters. x: a wildcard that replaces a single character. | hostAuthentication text |
Max Sessions | The maximum number of SSH sessions allowed. Valid values are from 0 to 10. | maxSessions integer |
Current Sessions | The number of sessions currently open. | currentSessions integer |
Total Sessions | The number of sessions opened on this server since it was started. | totalSessions counter32 |
TCP Port | The number of the port over which SSH is currently operating. | tcpPort integer |
Rejected Requests Total | The number of sessions rejected because of either a bad host ID or because the system had reached its session limit. | RejectedSessionTotal counter32 |
Rejected Requests TooMany | The number of sessions rejected because the system had reached its session limit (too many sessions were already active). | SessionRejectTooMany counter32 |
Rejected Requests BadHost | The number of sessions rejected because of a bad host ID. | SessionRejectBadHosts counter32 |
Memory Errors | The number of memory errors detected (unable to get memory resources). | memoryErrors counter32 |
Server Key Errors | The number of server key errors detected (session attempts when the key is not valid). | serverKeyErrors counter32 |
Oper Rng Errors | The number of random number errors that occurred on the system. | operRngErrors counter32 |
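
The following is an added example, not code from the original page or from the switch software, for reviewing a Host Authentication List before applying it: it reports which entries match a client address under the `!`, `~` and `x` rules in the table above. It assumes a pattern must cover the whole address, that `~` stands for one or more characters and `x` for exactly one character of any kind; the function names and sample data are hypothetical, and because this page does not say how the switch resolves an address matched by both a permit and a deny entry, the code reports every match instead of a verdict.

```python
import re

def entry_to_regex(body):
    """Compile one entry (leading '!' already removed) to a regex.
    Assumption: '~' stands for one or more characters and 'x' for exactly
    one character of any kind; everything else is literal."""
    out = []
    for ch in body:
        if ch == "~":
            out.append(".+")
        elif ch == "x":
            out.append(".")
        else:
            out.append(re.escape(ch))
    return re.compile("".join(out))

def parse_host_list(text):
    """Split the comma-separated list into (action, regex, raw_entry) tuples."""
    entries = []
    for raw in (item.strip() for item in text.split(",")):
        if not raw:
            continue
        action = "deny" if raw.startswith("!") else "permit"
        body = raw[1:] if action == "deny" else raw
        if not body:
            raise ValueError("entry '!' has no address pattern")
        entries.append((action, entry_to_regex(body), raw))
    return entries

def matching_entries(text, address):
    """Return [(raw_entry, action)] for every entry that matches the address.
    Assumption: a pattern must cover the whole address string."""
    return [(raw, action) for action, rx, raw in parse_host_list(text)
            if rx.fullmatch(address)]

# Constructed sample list and client addresses (not taken from a real switch).
SAMPLE_LIST = "192.168.1.x, 10.1~, !10.1.5.7"
SAMPLE_CLIENTS = ["192.168.1.5", "192.168.1.25", "10.1.2.3", "10.100.0.9", "10.1.5.7"]

if __name__ == "__main__":
    for client in SAMPLE_CLIENTS:
        print(client, matching_entries(SAMPLE_LIST, client) or "no entry matches")
```

Under these assumptions, `192.168.1.x` does not cover `192.168.1.25`, while `10.1~` also covers `10.100.0.9`, so both kinds of wildcard deserve a check against real client addresses before the list is applied.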
You can do the following