1. ACLI Reference Guide
  2. ACLI Configuration Elements N-Z
  3. ssh-config

ssh-config

The ssh-config element is used to set the attributes of the SSH/SFTP server.

Parameters

rekey-interval
Enter the number of minutes before rekeying an SSH session.
  • Default: 60
  • Values: Min: 60 / Max: 600
rekey-byte-count
Enter the number of bytes, as a power of 2, to be transmitted before rekeying an SSH session. For example: 31 means 2^31 or 2147483648 bytes.
  • Default: 31
  • Values: Min: 20 / Max: 31
encr-algorithms
Enter the list of encryption algorthims which the SSH server should offer during session negotiation. Entries may be single values or a comma-separated list in double quotes. The SSH session will use the first algorithm which both the client and server support. The list of supported ciphers are updated per release as weaker ciphers are deprecated and then removed. See the Release Notes for the list of algorithms supported in this release.
  • Default: Type ? to see the default algorithms for this release.
  • Values: Type ? to see the supported values for this release.
hmac-algorithms
Enter the list of HMAC algorithms which the SSH server should offer during session negotitation. Entries may be single values or a comma-separated list in double quotes. The SSH session will use the first algorithm which both the client and server support. See the Release Notes for the list of algorithms supported in this release.
  • Default: Type ? to see the default algorithms for this release.
  • Values: Type ? to see the supported values for this release.
hostkey-algorithms
Enter the list of host key algorithms which the SSH server should offer during session negotitation. Entries may be single values or a comma-separated list in double quotes. The SSH session will use the first algorithm which both the client and server support. See the Release Notes for the list of algorithms supported in this release.
  • Default: Type ? to see the default algorithms for this release.
  • Values: Type ? to see the supported values for this release.
keyex-algorithms
Enter the list of key exchange algorithms which the SSH server should offer during session negotitation. Entries may be single values or a comma-separated list in double quotes. The SSH session will use the first algorithm which both the client and server support. See the Release Notes for the list of algorithms supported in this release.
  • Default: Type ? to see the default algorithms for this release.
  • Values: Type ? to see the supported values for this release.
proto-neg-time
Enter the number of seconds allocated for SSH session negotation.
  • Default: 30
  • Values: Min: 30 / Max: 60
keep-alive-enable
Enable or disable the TCP keep-alive timer.
  • Default: enabled
  • Values: enabled | disabled
keep-alive-idle-timer
Enter the number of seconds between the last data packet sent and the first keep-alive probe.
  • Default: 15
  • Values: Min: 15 / Max: 1800
keep-alive-interval
Enter the number of seconds between two successive keep-alive retransmissions.
  • Default: 15
  • Values: Min: 15 / Max: 120
keep-alive-retries
Enter the number of retransmissions before declaring the remote end unavailable.
  • Default: 2
  • Values: Min: 2 / Max: 10

Path

ssh-config is an element under the security path. The full path from the topmost ACLI prompt is: configure terminal , and then security , and then ssh-config.