ssh --- .. osdx:cfgcmd:: service ssh .. raw:: html SDE M10-Smart M2 RS420 AresC640 Secure SHell (SSH) protocol .. osdx:cfgcmd:: service ssh aaa .. raw:: html SDE M10-Smart M2 RS420 AresC640 AAA options .. osdx:cfgcmd:: service ssh aaa accounting .. raw:: html SDE M10-Smart M2 RS420 AresC640 Accounting list name :ref Reference: system aaa list * .. osdx:cfgcmd:: service ssh aaa authentication .. raw:: html SDE M10-Smart M2 RS420 AresC640 Authentication list name :ref Reference: system aaa list * .. osdx:cfgcmd:: service ssh access-control .. raw:: html SDE M10-Smart M2 RS420 AresC640 Limit how roles and users can access the system through SSH .. osdx:cfgcmd:: service ssh access-control allow .. raw:: html SDE M10-Smart M2 RS420 AresC640 Allow access to specific roles/users .. osdx:cfgcmd:: service ssh access-control allow role .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg id: Role :instances: Multiple .. osdx:cfgcmd:: service ssh access-control allow user .. raw:: html SDE M10-Smart M2 RS420 AresC640 User :ref Reference: system login user * :instances: Multiple .. osdx:cfgcmd:: service ssh access-control deny .. raw:: html SDE M10-Smart M2 RS420 AresC640 Deny access to specific roles/users .. osdx:cfgcmd:: service ssh access-control deny role .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg id: Role :instances: Multiple .. osdx:cfgcmd:: service ssh access-control deny user .. raw:: html SDE M10-Smart M2 RS420 AresC640 User :ref Reference: system login user * :instances: Multiple .. osdx:cfgcmd:: service ssh cipher .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg id: Ciphers to use for ongoing SSH connections It is possible to limit which ciphers will be used for ongoing SSH connections. A list of ciphers is accepted, and they will be sorted by their strength (strong-first based ordering). :instances: List of values .. osdx:cfgcmd:: service ssh disable-password-authentication .. raw:: html SDE M10-Smart M2 RS420 AresC640 Disables the login using password authentication .. osdx:cfgcmd:: service ssh host-key .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg file: Host key used when others connect to us through SSH :instances: Multiple .. osdx:cfgcmd:: service ssh keepalive-count-max .. raw:: html SDE M10-Smart M2 RS420 AresC640 Number of keepalive messages to be sent without any response from the client :arg u32: Disables connection termination (0) :arg u32: Number of messages to be sent (1-65535) .. osdx:cfgcmd:: service ssh keepalive-interval .. raw:: html SDE M10-Smart M2 RS420 AresC640 Timeout interval in seconds after which SSH will send a message requesting a response :arg u32: Seconds (0-65535) .. osdx:cfgcmd:: service ssh key-exchange .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg id: Specifies the available KEX (Key Exchange) algorithms :instances: List of values .. osdx:cfgcmd:: service ssh listen-address .. raw:: html SDE M10-Smart M2 RS420 AresC640 Listen address to listen to :arg ipv4: IP address to listen to :arg ipv6: IPv6 address to listen to :arg hostname: Hostname to listen to :Local IP address: :instances: Multiple .. osdx:cfgcmd:: service ssh log-level .. raw:: html SDE M10-Smart M2 RS420 AresC640 Specific log-level to use. Each level logs their own messages and "higher" levels ones :arg quiet: Log no messages :arg fatal: Fatal messages :arg error: Error messages :arg info: Informational messages :arg verbose: More informational messages :arg debug: Debugging messages :arg debug2: More debugging messages :arg debug3: Even more debugging messages .. osdx:cfgcmd:: service ssh mac .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg id: Specifies the available MAC (Message Authentication Code) algorithms The MAC algorithm is used for data integrity protection. The algorithms that contain "-etm" calculate the MAC after encryption (encrypt-then-mac). These are considered safer and their use recommended. :instances: List of values .. osdx:cfgcmd:: service ssh match .. raw:: html SDE M10-Smart M2 RS420 AresC640 Match directives to apply a given configuration to specific users or groups .. osdx:cfgcmd:: service ssh match address .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg ipv4cidr: Specific configuration for matched addresses :arg ipv6cidr: Specific configuration for matched addresses :instances: Multiple .. osdx:cfgcmd:: service ssh match address disable-password-authentication .. raw:: html SDE M10-Smart M2 RS420 AresC640 Disables the login using password authentication .. osdx:cfgcmd:: service ssh match address keepalive-count-max .. raw:: html SDE M10-Smart M2 RS420 AresC640 Number of keepalive messages to be sent without any response from the client :arg u32: Disables connection termination (0) :arg u32: Number of messages to be sent (1-65535) .. osdx:cfgcmd:: service ssh match address keepalive-interval .. raw:: html SDE M10-Smart M2 RS420 AresC640 Timeout interval in seconds after which SSH will send a message requesting a response :arg u32: Seconds (0-65535) .. osdx:cfgcmd:: service ssh match address log-level .. raw:: html SDE M10-Smart M2 RS420 AresC640 Specific log-level to use. Each level logs their own messages and "higher" levels ones :arg quiet: Log no messages :arg fatal: Fatal messages :arg error: Error messages :arg info: Informational messages :arg verbose: More informational messages :arg debug: Debugging messages :arg debug2: More debugging messages :arg debug3: Even more debugging messages .. osdx:cfgcmd:: service ssh match host .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg ipv4: Specific configuration for matched hosts :arg ipv6: Specific configuration for matched hosts :instances: Multiple .. osdx:cfgcmd:: service ssh match host disable-password-authentication .. raw:: html SDE M10-Smart M2 RS420 AresC640 Disables the login using password authentication .. osdx:cfgcmd:: service ssh match host keepalive-count-max .. raw:: html SDE M10-Smart M2 RS420 AresC640 Number of keepalive messages to be sent without any response from the client :arg u32: Disables connection termination (0) :arg u32: Number of messages to be sent (1-65535) .. osdx:cfgcmd:: service ssh match host keepalive-interval .. raw:: html SDE M10-Smart M2 RS420 AresC640 Timeout interval in seconds after which SSH will send a message requesting a response :arg u32: Seconds (0-65535) .. osdx:cfgcmd:: service ssh match host log-level .. raw:: html SDE M10-Smart M2 RS420 AresC640 Specific log-level to use. Each level logs their own messages and "higher" levels ones :arg quiet: Log no messages :arg fatal: Fatal messages :arg error: Error messages :arg info: Informational messages :arg verbose: More informational messages :arg debug: Debugging messages :arg debug2: More debugging messages :arg debug3: Even more debugging messages .. osdx:cfgcmd:: service ssh match role .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg id: Specific configuration for matched roles :instances: Multiple .. osdx:cfgcmd:: service ssh match role disable-password-authentication .. raw:: html SDE M10-Smart M2 RS420 AresC640 Disables the login using password authentication .. osdx:cfgcmd:: service ssh match role keepalive-count-max .. raw:: html SDE M10-Smart M2 RS420 AresC640 Number of keepalive messages to be sent without any response from the client :arg u32: Disables connection termination (0) :arg u32: Number of messages to be sent (1-65535) .. osdx:cfgcmd:: service ssh match role keepalive-interval .. raw:: html SDE M10-Smart M2 RS420 AresC640 Timeout interval in seconds after which SSH will send a message requesting a response :arg u32: Seconds (0-65535) .. osdx:cfgcmd:: service ssh match role log-level .. raw:: html SDE M10-Smart M2 RS420 AresC640 Specific log-level to use. Each level logs their own messages and "higher" levels ones :arg quiet: Log no messages :arg fatal: Fatal messages :arg error: Error messages :arg info: Informational messages :arg verbose: More informational messages :arg debug: Debugging messages :arg debug2: More debugging messages :arg debug3: Even more debugging messages .. osdx:cfgcmd:: service ssh match user .. raw:: html SDE M10-Smart M2 RS420 AresC640 Specific configuration for matched users :ref Reference: system login user * :instances: Multiple .. osdx:cfgcmd:: service ssh match user disable-password-authentication .. raw:: html SDE M10-Smart M2 RS420 AresC640 Disables the login using password authentication .. osdx:cfgcmd:: service ssh match user keepalive-count-max .. raw:: html SDE M10-Smart M2 RS420 AresC640 Number of keepalive messages to be sent without any response from the client :arg u32: Disables connection termination (0) :arg u32: Number of messages to be sent (1-65535) .. osdx:cfgcmd:: service ssh match user keepalive-interval .. raw:: html SDE M10-Smart M2 RS420 AresC640 Timeout interval in seconds after which SSH will send a message requesting a response :arg u32: Seconds (0-65535) .. osdx:cfgcmd:: service ssh match user log-level .. raw:: html SDE M10-Smart M2 RS420 AresC640 Specific log-level to use. Each level logs their own messages and "higher" levels ones :arg quiet: Log no messages :arg fatal: Fatal messages :arg error: Error messages :arg info: Informational messages :arg verbose: More informational messages :arg debug: Debugging messages :arg debug2: More debugging messages :arg debug3: Even more debugging messages .. osdx:cfgcmd:: service ssh port .. raw:: html SDE M10-Smart M2 RS420 AresC640 Port for SSH service :arg u32: Numeric IP port (1-32767) :arg u32: Numeric IP port (60000-65535) .. osdx:cfgcmd:: service ssh vrf .. raw:: html SDE M10-Smart M2 RS420 AresC640 VRF interface to run SSH on :ref Reference: system vrf *