ssh
- service ssh
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Secure SHell (SSH) protocol
- service ssh aaa
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
AAA options
- service ssh aaa accounting <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Accounting list name
- Reference:
- service ssh aaa authentication <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Authentication list name
- Reference:
- service ssh access-control
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Limit how roles and users can access the system through SSH
- service ssh access-control allow
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Allow access to specific roles/users
- service ssh access-control allow role <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – Role
- Instances:
Multiple
- service ssh access-control allow user <txt>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
User
- Reference:
- Instances:
Multiple
- service ssh access-control deny
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Deny access to specific roles/users
- service ssh access-control deny role <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – Role
- Instances:
Multiple
- service ssh access-control deny user <txt>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
User
- Reference:
- Instances:
Multiple
- service ssh cipher <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – Ciphers to use for ongoing SSH connections
The ciphers used for ongoing SSH connections can be restricted. A list of ciphers is accepted, and they are sorted by strength (strongest first).
- Instances:
List of values
- service ssh disable-password-authentication
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Disables login using password authentication
- service ssh host-key <file>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
file – Host key used when others connect to us through SSH
- Instances:
Multiple
- service ssh host-key-algorithms <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – Specifies the host key algorithms that the server offers
- Instances:
List of values
- service ssh keepalive-count-max <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Number of keepalive messages to be sent without any response from the client
- Values:
u32 – Disables connection termination (0)
u32 – Number of messages to be sent (1-65535)
- service ssh keepalive-interval <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Timeout interval in seconds after which SSH will send a message requesting a response
- Values:
u32 – Seconds (0-65535)
- service ssh key-exchange <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – Specifies the available KEX (Key Exchange) algorithms
- Instances:
List of values
- service ssh listen-address <ipv4|ipv6|id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Address to listen on
- Values:
ipv4 – IP address to listen on
ipv6 – IPv6 address to listen on
hostname – Hostname to listen on
- Local IP address:
- Instances:
Multiple
- service ssh log-level <txt>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Log level to use. Each level logs its own messages and those of the “higher” levels.
- Values:
quiet – Log no messages
fatal – Fatal messages
error – Error messages
info – Informational messages
verbose – More informational messages
debug – Debugging messages
debug2 – More debugging messages
debug3 – Even more debugging messages
- service ssh login-grace-time <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
u32 – The server disconnects after this time (in seconds) if the user has not successfully logged in. If the value is 0, there is no time limit. The default is 120 seconds.
- service ssh mac <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – Specifies the available MAC (Message Authentication Code) algorithms
The MAC algorithm is used for data integrity protection. The algorithms that contain “-etm” calculate the MAC after encryption (encrypt-then-mac). These are considered safer and their use is recommended.
- Instances:
List of values
- service ssh match
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Match directives to apply a given configuration to specific users or groups
- service ssh match address <ipv4cidr|ipv6cidr>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
ipv4cidr – Specific configuration for matched addresses
ipv6cidr – Specific configuration for matched addresses
- Instances:
Multiple
- service ssh match address <ipv4cidr|ipv6cidr> disable-password-authentication
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Disables login using password authentication
- service ssh match address <ipv4cidr|ipv6cidr> keepalive-count-max <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Number of keepalive messages to be sent without any response from the client
- Values:
u32 – Disables connection termination (0)
u32 – Number of messages to be sent (1-65535)
- service ssh match address <ipv4cidr|ipv6cidr> keepalive-interval <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Timeout interval in seconds after which SSH will send a message requesting a response
- Values:
u32 – Seconds (0-65535)
- service ssh match address <ipv4cidr|ipv6cidr> log-level <txt>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Log level to use. Each level logs its own messages and those of the “higher” levels.
- Values:
quiet – Log no messages
fatal – Fatal messages
error – Error messages
info – Informational messages
verbose – More informational messages
debug – Debugging messages
debug2 – More debugging messages
debug3 – Even more debugging messages
- service ssh match host <ipv4|ipv6>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
ipv4 – Specific configuration for matched hosts
ipv6 – Specific configuration for matched hosts
- Instances:
Multiple
- service ssh match host <ipv4|ipv6> disable-password-authentication
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Disables login using password authentication
- service ssh match host <ipv4|ipv6> keepalive-count-max <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Number of keepalive messages to be sent without any response from the client
- Values:
u32 – Disables connection termination (0)
u32 – Number of messages to be sent (1-65535)
- service ssh match host <ipv4|ipv6> keepalive-interval <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Timeout interval in seconds after which SSH will send a message requesting a response
- Values:
u32 – Seconds (0-65535)
- service ssh match host <ipv4|ipv6> log-level <txt>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Log level to use. Each level logs its own messages and those of the “higher” levels.
- Values:
quiet – Log no messages
fatal – Fatal messages
error – Error messages
info – Informational messages
verbose – More informational messages
debug – Debugging messages
debug2 – More debugging messages
debug3 – Even more debugging messages
- service ssh match role <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – Specific configuration for matched roles
- Instances:
Multiple
- service ssh match role <id> disable-password-authentication
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Disables login using password authentication
- service ssh match role <id> keepalive-count-max <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Number of keepalive messages to be sent without any response from the client
- Values:
u32 – Disables connection termination (0)
u32 – Number of messages to be sent (1-65535)
- service ssh match role <id> keepalive-interval <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Timeout interval in seconds after which SSH will send a message requesting a response
- Values:
u32 – Seconds (0-65535)
- service ssh match role <id> log-level <txt>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Log level to use. Each level logs its own messages and those of the “higher” levels.
- Values:
quiet – Log no messages
fatal – Fatal messages
error – Error messages
info – Informational messages
verbose – More informational messages
debug – Debugging messages
debug2 – More debugging messages
debug3 – Even more debugging messages
- service ssh match user <txt>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Specific configuration for matched users
- Reference:
- Instances:
Multiple
- service ssh match user <txt> disable-password-authentication
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Disables login using password authentication
- service ssh match user <txt> keepalive-count-max <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Number of keepalive messages to be sent without any response from the client
- Values:
u32 – Disables connection termination (0)
u32 – Number of messages to be sent (1-65535)
- service ssh match user <txt> keepalive-interval <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Timeout interval in seconds after which SSH will send a message requesting a response
- Values:
u32 – Seconds (0-65535)
- service ssh match user <txt> log-level <txt>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Log level to use. Each level logs its own messages and those of the “higher” levels.
- Values:
quiet – Log no messages
fatal – Fatal messages
error – Error messages
info – Informational messages
verbose – More informational messages
debug – Debugging messages
debug2 – More debugging messages
debug3 – Even more debugging messages
- service ssh port <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Port for SSH service
- Values:
u32 – Numeric IP port (1-32767)
u32 – Numeric IP port (60000-65535)
- service ssh pubkey-accepted-algorithms <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – Specifies the signature algorithms that will be accepted for public key authentication
- Instances:
List of values
- service ssh vrf <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
VRF interface to run SSH on
- Reference: