35 Configuring Secure Shell Objects

Secure Shell (SSH) Server Version 2 on the ME provides secure client/server communications, remote logins, and file transfers using encryption and public-key authentication. To establish a secure connection and communications session, SSH uses a key pair that you generate or receive from a valid certificate authority (CA). The ME uses the OpenSSH daemon for SSH support.

An SSH session allows you to transfer files with Secure Shell File Transfer Protocol (SFTP), providing more secure transfers than FTP and an easy-to-use interface. SSH uses counters that record SFTP activity over the SSH connection.

When running SSH on the ME, the SSH session is transparent and the CLI appears just as it would if you were connecting from a console or over Telnet. The ME implementation of SSH does not support all the user-configurable attributes typically supported by SSH workstations. If you try to change an attribute that the ME does not support, you will receive a notification that the setting failed.

ssh

Configures an SSH listener on an IP interface. Note that although you can configure SSH settings on each IP interface, there is only one SSH daemon running, with one configuration. The SSH configuration is an aggregate of the separate interface SSH configurations.

Syntax

config cluster box number interface ethX ip name ssh
config cluster box number interface ethX vlan number ip name ssh
config box interface ethX ip name ssh
config box interface ethX vlan number ip name ssh

Properties

admin: Sets the administrative state of the SSH protocol, either enabled (running) or disabled. When disabled, the parameters of SSH can still be configured, but do not become active until admin is set to enabled.

Default: enabled
Values: enabled | disabled

Example: set admin disabled

max-sessions: Sets the maximum number of concurrent SSH sessions allowed, enforced at the box level. The enforced value is an aggregate of the SSH session limits set on each IP interface that has SSH enabled. For example, to enforce a limit of five total SSH sessions per box, you could set IP "A" to an SSH session limit of two and IP "B" to an SSH session limit of three, for a total of five.

Default: 8
Values: Min: 1 / Max: 32

Example: set max-sessions 4

idle-timeout: Specifies the amount of time in seconds allowed to elapse before the ME closes the SSH session due to inactivity.

Default: 600
Values: Min: 60 / Max: 86400

Example: set idle-timeout 300

port: Identifies the TCP port on which the ME listens for SSH sessions. Choose a port that no other service on that interface already uses.

Default: 22
Values: Min: 1 / Max: 65535

Example: set port 25

mode: Sets the version of SSH the system should use. Multiple vulnerabilities exist in SSH version 1, so it is not secure. The compatibility setting lets the ME determine the version in use by the remote system and match it, which means a version 1 client can still connect; set ssh-2 unless you must support a legacy client.

Default: compatibility
Values: ssh-1 | ssh-2 | compatibility

Example: set mode ssh-2

authentication: Sets the authentication method(s) the ME uses to authenticate users: password, public key, or both. To use public-key SSH authentication on the ME, generate a public/private key pair, install the public key on the system, and install the private key on your SSH client. For key-based login you can select either SSH version 1 RSA authentication (rsa) or SSH version 2 public-key authentication (public-key); the rsa method is tied to SSH version 1 and shares its weaknesses. If you do not specify any authentication methods, the system applies the OpenSSH defaults.

Default: There is no default setting
Values: password | public-key | rsa

Example: set authentication password

account: Sets the account(s) permitted to log in over SSH: root, or the dedicated user account (ssh). Use the ssh password action to set a password for that account when the account type is set to ssh. By default, the system uses the root account. Setting the account type to ssh removes root from the permitted accounts; you can add root back by selecting it again with this property.

Default: root
Values: root | ssh

Example: set account ssh

log-level: Specifies to the SSH daemon the level of SSH events to generate and send to the ME event log. The SSH component sends all events of that level and higher. The debug levels produce a high volume of events and are intended for troubleshooting; return to a lower level once the problem is resolved.

Default: verbose
Values: quiet | fatal | error | info | verbose | debug | debug1 | debug2 | debug3

Example: set log-level debug
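Taken together, the properties above give a checklist for reviewing an ME SSH listener: the version setting, the authentication method, the account, the log level, and the per-interface limits that sum to the box-level session cap. The following Python script is an added example, not ME product code or a documented ME feature. It parses a transcript of the config/set commands shown on this page, flags the weaker choices, and computes the aggregate max-sessions value the way the max-sessions description says the box enforces it. The property names, values and ranges come from this page; the transcript layout (a config ... ssh line followed by set lines), the listener naming, and the audit rules themselves are assumptions made for the example, and the SAMPLE transcript is constructed.

```python
"""Audit SSH listener settings from a transcript of ME CLI commands.

Added example, not ME/OS-E product code. Property names, values and ranges
come from the manual page; the transcript layout, listener naming and audit
rules are assumptions made for this example.
"""
import re
from dataclasses import dataclass, field

# Ranges and defaults as documented under "Properties".
RANGES = {"max-sessions": (1, 32), "idle-timeout": (60, 86400), "port": (1, 65535)}
DEFAULTS = {"admin": "enabled", "max-sessions": "8", "idle-timeout": "600",
            "port": "22", "mode": "compatibility", "account": "root",
            "log-level": "verbose"}

# The four syntax forms listed under "Syntax".
CONFIG_RE = re.compile(
    r"^config\s+(?:cluster\s+box\s+\d+\s+|box\s+)interface\s+(?P<iface>\S+)"
    r"(?:\s+vlan\s+(?P<vlan>\d+))?\s+ip\s+(?P<ip>\S+)\s+ssh$")
SET_RE = re.compile(r"^set\s+(?P<prop>[\w-]+)\s+(?P<value>.+?)\s*$")


@dataclass
class Listener:
    name: str                      # assumed label: iface[.vlan]/ip-name
    props: dict = field(default_factory=dict)

    def get(self, prop):
        return self.props.get(prop, DEFAULTS.get(prop))


def parse_transcript(text):
    """Map each listener to the properties set on it; later sets win."""
    listeners, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = CONFIG_RE.match(line)
        if m:
            vlan = f".{m['vlan']}" if m["vlan"] else ""
            name = f"{m['iface']}{vlan}/{m['ip']}"
            current = listeners.setdefault(name, Listener(name))
            continue
        m = SET_RE.match(line)
        if m and current is not None:
            current.props[m["prop"]] = m["value"]
    return listeners


def audit(listeners):
    """Return (findings, aggregate_max_sessions) over all listeners."""
    findings, aggregate = [], 0
    for lst in listeners.values():
        for prop, (lo, hi) in RANGES.items():
            val = lst.get(prop)
            if not val.isdigit() or not lo <= int(val) <= hi:
                findings.append((lst.name, prop,
                                 f"{val!r} is outside {lo}..{hi}; the set would fail"))
        if lst.get("admin") != "enabled":
            continue  # stored but inactive until admin is enabled
        # Box-level limit is the sum of the per-interface limits.
        if lst.get("max-sessions").isdigit():
            aggregate += int(lst.get("max-sessions"))
        if lst.get("mode") != "ssh-2":
            findings.append((lst.name, "mode",
                             f"{lst.get('mode')} still admits SSH version 1 clients"))
        auth = lst.props.get("authentication")
        if auth is None:
            findings.append((lst.name, "authentication",
                             "unset; OpenSSH defaults apply and allow password login"))
        else:
            methods = set(auth.split())
            if "password" in methods:
                findings.append((lst.name, "authentication", "password login enabled"))
            if "rsa" in methods:
                findings.append((lst.name, "authentication", "SSH version 1 RSA auth"))
        if lst.get("account") == "root":
            findings.append((lst.name, "account", "root login over SSH"))
        if lst.get("log-level").startswith("debug"):
            findings.append((lst.name, "log-level", "debug level left on"))
    return findings, aggregate


def run_audit(text):
    return audit(parse_transcript(text))


# Constructed transcript: a weak listener, a hardened one, and a disabled one.
SAMPLE = """
config box interface eth0 ip corp ssh
set max-sessions 2
set mode compatibility
set authentication password
set account root
set log-level debug
config box interface eth1 vlan 10 ip mgmt ssh
set max-sessions 3
set idle-timeout 300
set mode ssh-2
set authentication public-key
set account ssh
set log-level info
config cluster box 1 interface eth2 ip lab ssh
set admin disabled
set max-sessions 40
"""

if __name__ == "__main__":
    found, total = run_audit(SAMPLE)
    print(f"box-level max-sessions = {total}")
    for name, prop, why in found:
        print(f"{name}: {prop}: {why}")
```

On the constructed sample the audit reports four findings on the eth0 listener (compatibility mode, password authentication, root account, debug logging), none on the hardened eth1 listener, one range error on the disabled eth2 listener (max-sessions 40 exceeds the documented maximum of 32), and a box-level aggregate of five sessions, matching the two-plus-three illustration under max-sessions. The disabled listener is excluded from the aggregate because its settings are stored but not active until admin is enabled.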