ssh --- .. osdx:cfgcmd:: service ssh .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Secure SHell (SSH) protocol .. osdx:cfgcmd:: service ssh aaa .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE AAA options .. osdx:cfgcmd:: service ssh aaa accounting .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Accounting list name :ref Reference: system aaa list * .. osdx:cfgcmd:: service ssh aaa authentication .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Authentication list name :ref Reference: system aaa list * .. osdx:cfgcmd:: service ssh access-control .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Limit how roles and users can access the system through SSH .. osdx:cfgcmd:: service ssh access-control allow .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Allow access to specific roles/users .. osdx:cfgcmd:: service ssh access-control allow role .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Role :instances: Multiple .. osdx:cfgcmd:: service ssh access-control allow user .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE User :ref Reference: system login user * :instances: Multiple .. osdx:cfgcmd:: service ssh access-control deny .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Deny access to specific roles/users .. osdx:cfgcmd:: service ssh access-control deny role .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Role :instances: Multiple .. osdx:cfgcmd:: service ssh access-control deny user .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE User :ref Reference: system login user * :instances: Multiple .. osdx:cfgcmd:: service ssh cipher .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Ciphers to use for ongoing SSH connections It is possible to limit which ciphers will be used for ongoing SSH connections. A list of ciphers is accepted, and they will be sorted by their strength (strong-first based ordering). :instances: List of values .. osdx:cfgcmd:: service ssh disable-password-authentication .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Disables the login using password authentication .. osdx:cfgcmd:: service ssh host-key .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg file: Host key used when others connect to us through SSH :instances: Multiple .. osdx:cfgcmd:: service ssh host-key-algorithms .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Specifies the host key algorithms that the server offers :instances: List of values .. osdx:cfgcmd:: service ssh keepalive-count-max .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Number of keepalive messages to be sent without any response from the client :arg u32: Disables connection termination (0) :arg u32: Number of messages to be sent (1-65535) .. osdx:cfgcmd:: service ssh keepalive-interval .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Timeout interval in seconds after which SSH will send a message requesting a response :arg u32: Seconds (0-65535) .. osdx:cfgcmd:: service ssh key-exchange .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Specifies the available KEX (Key Exchange) algorithms :instances: List of values .. osdx:cfgcmd:: service ssh listen-address .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Listen address to listen to :arg ipv4: IP address to listen to :arg ipv6: IPv6 address to listen to :arg hostname: Hostname to listen to :Local IP address: :instances: Multiple .. osdx:cfgcmd:: service ssh log-level .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Specific log-level to use. Each level logs their own messages and "higher" levels ones :arg quiet: Log no messages :arg fatal: Fatal messages :arg error: Error messages :arg info: Informational messages :arg verbose: More informational messages :arg debug: Debugging messages :arg debug2: More debugging messages :arg debug3: Even more debugging messages .. osdx:cfgcmd:: service ssh login-grace-time .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg u32: The server disconnects after this time (in seconds) if the user has not successfully logged in. If the value is 0, there is no time limit. The default is 120 seconds. .. osdx:cfgcmd:: service ssh mac .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Specifies the available MAC (Message Authentication Code) algorithms The MAC algorithm is used for data integrity protection. The algorithms that contain "-etm" calculate the MAC after encryption (encrypt-then-mac). These are considered safer and their use recommended. :instances: List of values .. osdx:cfgcmd:: service ssh match .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Match directives to apply a given configuration to specific users or groups .. osdx:cfgcmd:: service ssh match address .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg ipv4cidr: Specific configuration for matched addresses :arg ipv6cidr: Specific configuration for matched addresses :instances: Multiple .. osdx:cfgcmd:: service ssh match address disable-password-authentication .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Disables the login using password authentication .. osdx:cfgcmd:: service ssh match address keepalive-count-max .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Number of keepalive messages to be sent without any response from the client :arg u32: Disables connection termination (0) :arg u32: Number of messages to be sent (1-65535) .. osdx:cfgcmd:: service ssh match address keepalive-interval .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Timeout interval in seconds after which SSH will send a message requesting a response :arg u32: Seconds (0-65535) .. osdx:cfgcmd:: service ssh match address log-level .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Specific log-level to use. Each level logs their own messages and "higher" levels ones :arg quiet: Log no messages :arg fatal: Fatal messages :arg error: Error messages :arg info: Informational messages :arg verbose: More informational messages :arg debug: Debugging messages :arg debug2: More debugging messages :arg debug3: Even more debugging messages .. osdx:cfgcmd:: service ssh match host .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg ipv4: Specific configuration for matched hosts :arg ipv6: Specific configuration for matched hosts :instances: Multiple .. osdx:cfgcmd:: service ssh match host disable-password-authentication .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Disables the login using password authentication .. osdx:cfgcmd:: service ssh match host keepalive-count-max .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Number of keepalive messages to be sent without any response from the client :arg u32: Disables connection termination (0) :arg u32: Number of messages to be sent (1-65535) .. osdx:cfgcmd:: service ssh match host keepalive-interval .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Timeout interval in seconds after which SSH will send a message requesting a response :arg u32: Seconds (0-65535) .. osdx:cfgcmd:: service ssh match host log-level .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Specific log-level to use. Each level logs their own messages and "higher" levels ones :arg quiet: Log no messages :arg fatal: Fatal messages :arg error: Error messages :arg info: Informational messages :arg verbose: More informational messages :arg debug: Debugging messages :arg debug2: More debugging messages :arg debug3: Even more debugging messages .. osdx:cfgcmd:: service ssh match role .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Specific configuration for matched roles :instances: Multiple .. osdx:cfgcmd:: service ssh match role disable-password-authentication .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Disables the login using password authentication .. osdx:cfgcmd:: service ssh match role keepalive-count-max .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Number of keepalive messages to be sent without any response from the client :arg u32: Disables connection termination (0) :arg u32: Number of messages to be sent (1-65535) .. osdx:cfgcmd:: service ssh match role keepalive-interval .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Timeout interval in seconds after which SSH will send a message requesting a response :arg u32: Seconds (0-65535) .. osdx:cfgcmd:: service ssh match role log-level .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Specific log-level to use. Each level logs their own messages and "higher" levels ones :arg quiet: Log no messages :arg fatal: Fatal messages :arg error: Error messages :arg info: Informational messages :arg verbose: More informational messages :arg debug: Debugging messages :arg debug2: More debugging messages :arg debug3: Even more debugging messages .. osdx:cfgcmd:: service ssh match user .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Specific configuration for matched users :ref Reference: system login user * :instances: Multiple .. osdx:cfgcmd:: service ssh match user disable-password-authentication .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Disables the login using password authentication .. osdx:cfgcmd:: service ssh match user keepalive-count-max .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Number of keepalive messages to be sent without any response from the client :arg u32: Disables connection termination (0) :arg u32: Number of messages to be sent (1-65535) .. osdx:cfgcmd:: service ssh match user keepalive-interval .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Timeout interval in seconds after which SSH will send a message requesting a response :arg u32: Seconds (0-65535) .. osdx:cfgcmd:: service ssh match user log-level .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Specific log-level to use. Each level logs their own messages and "higher" levels ones :arg quiet: Log no messages :arg fatal: Fatal messages :arg error: Error messages :arg info: Informational messages :arg verbose: More informational messages :arg debug: Debugging messages :arg debug2: More debugging messages :arg debug3: Even more debugging messages .. osdx:cfgcmd:: service ssh port .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Port for SSH service :arg u32: Numeric IP port (1-32767) :arg u32: Numeric IP port (60000-65535) .. osdx:cfgcmd:: service ssh pubkey-accepted-algorithms .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Specifies the signature algorithms that will be accepted for public key authentication :instances: List of values .. osdx:cfgcmd:: service ssh vrf .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE VRF interface to run SSH on :ref Reference: system vrf *