SSHd configuration


View the SSH configuration on the Sun Secure Application Switch.

The Sun Secure Application Switch implements Secure Shell (SSH) Version 2 for secure client/server communications. SSH provides secure remote logins and file transfers using encryption and public-key authentication. As part of establishing a secure connection, SSH uses a key pair retrieved from the Certificate and Key Manager (CKM) utility.

Once you establish an SSH session, you can transfer files with Secure Shell File Transfer Protocol (SFTP). SFTP provides more secure transfers than the original FTP, and uses a simple interface similar to FTP or Windows environments. SSH includes counters that detail the SFTP activity taking place over a connection.

Access mode

exec

Syntax

show switchServices sshd

Output Description

Each entry below gives the heading, its description, and its filter.

Heading: Admin State
Description: The administrative state of the SSH server.
Valid values:
  • enabled : The SSH server is running.
  • disabled : The SSH server is not running.
Filter: adminState enumeration

Heading: Oper State
Description: The active, running state of the SSH session.
Valid values:
  • up : The sshd protocol is running on the server.
  • listeningButNoSvrKey : The application is waiting on the comm stack, but there is no valid server key.
  • down : The sshd protocol is not running on the server.
Filter: operationalState enumeration

Heading: Server Key ID
Description: The SSH server's DSA key ID. It indicates an index field within the Certificate and Key Manager entity to a DSA key. This key ID must be present for the server to operate. The key ID is generated using the Sun Secure Application Switch CKM utility.
Filter: serverKeyId text

Heading: Server Key State
Description: The status of the operational server key used to establish SSH sessions.
Valid values:
  • validKey : The key can be used to establish sshd sessions.
  • invalidKey : The key cannot be used to establish sshd sessions.
Filter: ServerKeyState enumeration

Heading: Key Diag Info
Description: The diagnostic info available for server key load errors.
Filter: operKeyDiagInfo text

Heading: Idle Timeout
Description: The maximum number of seconds a session can remain idle before it is terminated. Use 0 to disable timeout (allow the session to remain live regardless of the duration of inactivity). Valid values are from 0 to 86400.
Filter: idleTimeout integer

Heading: Authentication Banner
Description: A text message sent to the SSH client during authentication. Enter between 0 and 255 alphanumeric characters.
Filter: authenticationBanner text

Heading: Encryption Algorithms
Description: The encryption method(s) used.
Valid values:
  • none : No data protection.
  • des : The original Data Encryption Standard (DES) algorithm supported by SSHv1.
  • des3 : Triple DES algorithm.
  • blowfish : Blowfish algorithm.
  • des3Cbc : Triple DES algorithm, required by RFC1201, with cipher-block chaining.
  • blowfishCbc : Blowfish algorithm, with cipher-block chaining.
Filter: confEncryption enumeration

Heading: HMAC Algorithms
Description: The Hash Message Authentication Code (HMAC) method. Enter the list of allowable HMAC algorithms. HMAC is a type of checksum to help verify data integrity.
Valid values:
  • sha1 : full SHA1.
  • sha1b96 : 96 bit SHA1.
  • md5 : full MD5.
  • md5b96 : 96 bit MD5.
Filter: confHmac enumeration

Heading: User Authentication Methods
Description: The user authentication method. Enter the list of accepted user authentication methods.
Valid values:
  • none : no authentication method used to verify user.
  • password : user/password authentication.
  • publicKey : user/host public key authentication.
Filter: userAuthentication enumeration

Heading: Host Authentication List
Description: The list of allowable and prohibited clients, by IP address. Enter a comma-separated list of client addresses. These are the addresses that you want to explicitly permit or deny. The following special characters are accepted:
  • ! : the NOT character, to deny an address.
  • ~ : a wildcard that replaces multiple characters.
  • x : a wildcard that replaces a single character.
Filter: hostAuthentication text

Heading: Max Sessions
Description: The maximum number of SSH sessions allowed. Valid values are from 0 to 10.
Filter: maxSessions integer

Heading: Current Sessions
Description: The number of sessions currently open.
Filter: currentSessions integer

Heading: Total Sessions
Description: The number of sessions opened on this server since it was started.
Filter: totalSessions counter32

Heading: TCP Port
Description: The number of the port over which SSH is currently operating.
Filter: tcpPort integer

Heading: Rejected Requests Total
Description: The number of sessions rejected because of either a bad host ID or because the system had reached its session limit.
Filter: RejectedSessionTotal counter32

Heading: Rejected Requests TooMany
Description: The number of sessions rejected because the system had reached its session limit (too many sessions were already active).
Filter: SessionRejectTooMany counter32

Heading: Rejected Requests BadHost
Description: The number of sessions rejected because of a bad host ID.
Filter: SessionRejectBadHosts counter32

Heading: Memory Errors
Description: The number of memory errors detected (unable to get memory resources).
Filter: memoryErrors counter32

Heading: Server Key Errors
Description: The number of server key errors detected (session attempts when the key is not valid).
Filter: serverKeyErrors counter32

Heading: Oper Rng Errors
Description: The number of random number errors that occurred on the system.
Filter: operRngErrors counter32
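
A configuration review of these fields can be scripted. The following is an added example, not part of the Sun documentation or the switch software: it checks one sshd record, keyed by the filter names listed above, against the documented ranges and flags settings that weaken the service. The dict layout, the choice of which values to flag, and all sample values are assumptions made for the example.

```python
# Added example: keys are the filter names documented above; the dict
# layout and every sample value are constructed for illustration.
WEAK_CIPHERS = {"none": "no data protection", "des": "single DES, 56-bit key"}
WEAK_HMACS = {"md5", "md5b96"}

def audit_sshd(cfg):
    """Return a list of (filter, finding) pairs for one sshd record."""
    findings = []
    def flag(name, msg):
        findings.append((name, msg))

    if cfg["adminState"] == "enabled" and cfg["operationalState"] != "up":
        flag("operationalState", "server enabled but state is " + cfg["operationalState"])
    if cfg["ServerKeyState"] != "validKey":
        flag("ServerKeyState", "no usable server key: " + cfg.get("operKeyDiagInfo", ""))
    for alg in cfg["confEncryption"]:
        if alg in WEAK_CIPHERS:
            flag("confEncryption", alg + ": " + WEAK_CIPHERS[alg])
    for alg in cfg["confHmac"]:
        if alg in WEAK_HMACS:
            flag("confHmac", alg + ": MD5-based MAC (legacy)")
    if "none" in cfg["userAuthentication"]:
        flag("userAuthentication", "none: users are not verified")
    if cfg["idleTimeout"] == 0:
        flag("idleTimeout", "0: idle sessions never time out")
    elif not 0 < cfg["idleTimeout"] <= 86400:
        flag("idleTimeout", "outside documented range 0-86400")
    if not 0 <= cfg["maxSessions"] <= 10:
        flag("maxSessions", "outside documented range 0-10")
    if len(cfg.get("authenticationBanner", "")) > 255:
        flag("authenticationBanner", "longer than 255 characters")
    for counter in ("serverKeyErrors", "operRngErrors", "memoryErrors"):
        if cfg.get(counter, 0) > 0:
            flag(counter, "non-zero error counter: %d" % cfg[counter])
    return findings

SAMPLE = {  # constructed values, not captured from a real switch
    "adminState": "enabled", "operationalState": "up",
    "ServerKeyState": "validKey", "idleTimeout": 0, "maxSessions": 10,
    "authenticationBanner": "Authorized use only",
    "confEncryption": ["des3Cbc", "des"], "confHmac": ["sha1", "md5b96"],
    "userAuthentication": ["password", "publicKey"],
    "serverKeyErrors": 0, "operRngErrors": 2, "memoryErrors": 0,
}

if __name__ == "__main__":
    for name, msg in audit_sshd(SAMPLE):
        print(name + ": " + msg)
```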

Related actions

You can do the following