ssh

service ssh
SDE M10-Smart M2 RS420 AresC640

Secure SHell (SSH) protocol

service ssh aaa
SDE M10-Smart M2 RS420 AresC640

AAA options

service ssh aaa accounting <id>
SDE M10-Smart M2 RS420 AresC640

Accounting list name

Reference:

system aaa list <id>

service ssh aaa authentication <id>
SDE M10-Smart M2 RS420 AresC640

Authentication list name

Reference:

system aaa list <id>

service ssh access-control
SDE M10-Smart M2 RS420 AresC640

Limit how roles and users can access the system through SSH

service ssh access-control allow
SDE M10-Smart M2 RS420 AresC640

Allow access to specific roles/users

service ssh access-control allow role <id>
SDE M10-Smart M2 RS420 AresC640
Values:
  • id – Role

Instances:

Multiple

service ssh access-control allow user <txt>
SDE M10-Smart M2 RS420 AresC640

User

Reference:

system login user <txt>

Instances:

Multiple

service ssh access-control deny
SDE M10-Smart M2 RS420 AresC640

Deny access to specific roles/users

service ssh access-control deny role <id>
SDE M10-Smart M2 RS420 AresC640
Values:
  • id – Role

Instances:

Multiple

service ssh access-control deny user <txt>
SDE M10-Smart M2 RS420 AresC640

User

Reference:

system login user <txt>

Instances:

Multiple

service ssh cipher <id>
SDE M10-Smart M2 RS420 AresC640
Values:
  • id

    Ciphers to use for ongoing SSH connections

    The ciphers used for ongoing SSH connections can be restricted. A list of ciphers is accepted; the list is sorted by strength, strongest first.

Instances:

List of values

service ssh disable-password-authentication
SDE M10-Smart M2 RS420 AresC640

Disables the login using password authentication

service ssh host-key <file>
SDE M10-Smart M2 RS420 AresC640
Values:
  • file – Host key used when others connect to us through SSH

Instances:

Multiple

service ssh keepalive-count-max <u32>
SDE M10-Smart M2 RS420 AresC640

Number of keepalive messages to be sent without any response from the client

Values:
  • u32 – Disables connection termination (0)

  • u32 – Number of messages to be sent (1-65535)

service ssh keepalive-interval <u32>
SDE M10-Smart M2 RS420 AresC640

Timeout interval in seconds after which SSH will send a message requesting a response

Values:
  • u32 – Seconds (0-65535)

service ssh key-exchange <id>
SDE M10-Smart M2 RS420 AresC640
Values:
  • id – Specifies the available KEX (Key Exchange) algorithms

Instances:

List of values

service ssh listen-address <ipv4|ipv6|id>
SDE M10-Smart M2 RS420 AresC640

Address on which the SSH service listens

Values:
  • ipv4 – IP address to listen on

  • ipv6 – IPv6 address to listen on

  • hostname – Hostname to listen on

Local IP address:

Instances:

Multiple

service ssh log-level <txt>
SDE M10-Smart M2 RS420 AresC640

Log level to use. Each level logs its own messages and those of the “higher” levels.

Values:
  • quiet – Log no messages

  • fatal – Fatal messages

  • error – Error messages

  • info – Informational messages

  • verbose – More informational messages

  • debug – Debugging messages

  • debug2 – More debugging messages

  • debug3 – Even more debugging messages

service ssh mac <id>
SDE M10-Smart M2 RS420 AresC640
Values:
  • id

    Specifies the available MAC (Message Authentication Code) algorithms

    The MAC algorithm is used for data integrity protection. The algorithms that contain “-etm” calculate the MAC after encryption (encrypt-then-mac). These are considered safer and their use is recommended.

Instances:

List of values

service ssh match
SDE M10-Smart M2 RS420 AresC640

Match directives to apply a given configuration to specific users or groups

service ssh match address <ipv4cidr|ipv6cidr>
SDE M10-Smart M2 RS420 AresC640
Values:
  • ipv4cidr – Specific configuration for matched addresses

  • ipv6cidr – Specific configuration for matched addresses

Instances:

Multiple

service ssh match address <ipv4cidr|ipv6cidr> disable-password-authentication
SDE M10-Smart M2 RS420 AresC640

Disables the login using password authentication

service ssh match address <ipv4cidr|ipv6cidr> keepalive-count-max <u32>
SDE M10-Smart M2 RS420 AresC640

Number of keepalive messages to be sent without any response from the client

Values:
  • u32 – Disables connection termination (0)

  • u32 – Number of messages to be sent (1-65535)

service ssh match address <ipv4cidr|ipv6cidr> keepalive-interval <u32>
SDE M10-Smart M2 RS420 AresC640

Timeout interval in seconds after which SSH will send a message requesting a response

Values:
  • u32 – Seconds (0-65535)

service ssh match address <ipv4cidr|ipv6cidr> log-level <txt>
SDE M10-Smart M2 RS420 AresC640

Log level to use. Each level logs its own messages and those of the “higher” levels.

Values:
  • quiet – Log no messages

  • fatal – Fatal messages

  • error – Error messages

  • info – Informational messages

  • verbose – More informational messages

  • debug – Debugging messages

  • debug2 – More debugging messages

  • debug3 – Even more debugging messages

service ssh match host <ipv4|ipv6>
SDE M10-Smart M2 RS420 AresC640
Values:
  • ipv4 – Specific configuration for matched hosts

  • ipv6 – Specific configuration for matched hosts

Instances:

Multiple

service ssh match host <ipv4|ipv6> disable-password-authentication
SDE M10-Smart M2 RS420 AresC640

Disables the login using password authentication

service ssh match host <ipv4|ipv6> keepalive-count-max <u32>
SDE M10-Smart M2 RS420 AresC640

Number of keepalive messages to be sent without any response from the client

Values:
  • u32 – Disables connection termination (0)

  • u32 – Number of messages to be sent (1-65535)

service ssh match host <ipv4|ipv6> keepalive-interval <u32>
SDE M10-Smart M2 RS420 AresC640

Timeout interval in seconds after which SSH will send a message requesting a response

Values:
  • u32 – Seconds (0-65535)

service ssh match host <ipv4|ipv6> log-level <txt>
SDE M10-Smart M2 RS420 AresC640

Log level to use. Each level logs its own messages and those of the “higher” levels.

Values:
  • quiet – Log no messages

  • fatal – Fatal messages

  • error – Error messages

  • info – Informational messages

  • verbose – More informational messages

  • debug – Debugging messages

  • debug2 – More debugging messages

  • debug3 – Even more debugging messages

service ssh match role <id>
SDE M10-Smart M2 RS420 AresC640
Values:
  • id – Specific configuration for matched roles

Instances:

Multiple

service ssh match role <id> disable-password-authentication
SDE M10-Smart M2 RS420 AresC640

Disables the login using password authentication

service ssh match role <id> keepalive-count-max <u32>
SDE M10-Smart M2 RS420 AresC640

Number of keepalive messages to be sent without any response from the client

Values:
  • u32 – Disables connection termination (0)

  • u32 – Number of messages to be sent (1-65535)

service ssh match role <id> keepalive-interval <u32>
SDE M10-Smart M2 RS420 AresC640

Timeout interval in seconds after which SSH will send a message requesting a response

Values:
  • u32 – Seconds (0-65535)

service ssh match role <id> log-level <txt>
SDE M10-Smart M2 RS420 AresC640

Log level to use. Each level logs its own messages and those of the “higher” levels.

Values:
  • quiet – Log no messages

  • fatal – Fatal messages

  • error – Error messages

  • info – Informational messages

  • verbose – More informational messages

  • debug – Debugging messages

  • debug2 – More debugging messages

  • debug3 – Even more debugging messages

service ssh match user <txt>
SDE M10-Smart M2 RS420 AresC640

Specific configuration for matched users

Reference:

system login user <txt>

Instances:

Multiple

service ssh match user <txt> disable-password-authentication
SDE M10-Smart M2 RS420 AresC640

Disables the login using password authentication

service ssh match user <txt> keepalive-count-max <u32>
SDE M10-Smart M2 RS420 AresC640

Number of keepalive messages to be sent without any response from the client

Values:
  • u32 – Disables connection termination (0)

  • u32 – Number of messages to be sent (1-65535)

service ssh match user <txt> keepalive-interval <u32>
SDE M10-Smart M2 RS420 AresC640

Timeout interval in seconds after which SSH will send a message requesting a response

Values:
  • u32 – Seconds (0-65535)

service ssh match user <txt> log-level <txt>
SDE M10-Smart M2 RS420 AresC640

Log level to use. Each level logs its own messages and those of the “higher” levels.

Values:
  • quiet – Log no messages

  • fatal – Fatal messages

  • error – Error messages

  • info – Informational messages

  • verbose – More informational messages

  • debug – Debugging messages

  • debug2 – More debugging messages

  • debug3 – Even more debugging messages

service ssh port <u32>
SDE M10-Smart M2 RS420 AresC640

Port for SSH service

Values:
  • u32 – Numeric IP port (1-32767)

  • u32 – Numeric IP port (60000-65535)

service ssh vrf <id>
SDE M10-Smart M2 RS420 AresC640

VRF interface to run SSH on

Reference:

system vrf <id>
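
Added example (not part of the original reference or of the vendor's tooling): a Python check that audits configuration lines against the option semantics documented above, namely the “-etm” MAC recommendation, keepalive-count-max 0, log-level quiet, the port ranges and disable-password-authentication. It assumes the configuration is available as one `service ssh ...` path per line; the function name and the sample algorithm names, address and role are constructed and are not confirmed values for these devices.

```python
# Added example: audit "service ssh" lines against the option semantics
# documented on this page. The one-path-per-line input format is an assumption.

PORT_RANGES = ((1, 32767), (60000, 65535))  # ranges listed for "service ssh port"

def audit_ssh(config_text):
    """Return sorted findings for the 'service ssh' lines in config_text."""
    findings = []
    password_disabled_globally = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line.startswith("service ssh "):
            continue
        words = line.split()[2:]
        scope = "global"
        # "match <address|host|role|user> <value> <option> ..." scopes an option.
        if words[0] == "match" and len(words) >= 3:
            scope = f"match {words[1]} {words[2]}"
            words = words[3:]
        if not words:
            continue
        opt = words[0]
        arg = words[1] if len(words) > 1 else ""
        if opt == "disable-password-authentication" and scope == "global":
            password_disabled_globally = True
        elif opt == "mac" and arg and "-etm" not in arg:
            findings.append(f"{scope}: mac {arg} is not encrypt-then-mac")
        elif opt == "keepalive-count-max" and arg == "0":
            findings.append(f"{scope}: keepalive-count-max 0 disables connection termination")
        elif opt == "log-level" and arg == "quiet":
            findings.append(f"{scope}: log-level quiet logs no messages")
        elif opt == "port" and arg.isdigit():
            if not any(lo <= int(arg) <= hi for lo, hi in PORT_RANGES):
                findings.append(f"{scope}: port {arg} is outside the documented ranges")
    if not password_disabled_globally:
        findings.append("global: password authentication is not disabled")
    return sorted(findings)

# Constructed sample input (algorithm names, address and role are illustrative).
SAMPLE = """\
service ssh port 40000
service ssh mac hmac-sha2-256-etm@openssh.com
service ssh mac hmac-sha2-256
service ssh keepalive-interval 30
service ssh keepalive-count-max 0
service ssh match address 192.0.2.0/24 disable-password-authentication
service ssh match role operator log-level quiet
"""

if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE):
        print(finding)
```

A password-authentication restriction that exists only under a match scope, as in the sample, still leaves the global setting reported, because the check looks for the top-level option.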