ssh
---

.. osdx:cfgcmd:: service ssh

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Secure SHell (SSH) protocol






.. osdx:cfgcmd:: service ssh aaa

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    AAA options






.. osdx:cfgcmd:: service ssh aaa accounting <id>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Accounting list name



    :ref Reference: system aaa list *



.. osdx:cfgcmd:: service ssh aaa authentication <id>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Authentication list name



    :ref Reference: system aaa list *



.. osdx:cfgcmd:: service ssh access-control

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Limit how roles and users can access the system through SSH






.. osdx:cfgcmd:: service ssh access-control allow

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Allow access to specific roles/users






.. osdx:cfgcmd:: service ssh access-control allow role <id>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>


    :arg id:
        Role


    :instances: Multiple



.. osdx:cfgcmd:: service ssh access-control allow user <txt>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    User



    :ref Reference: system login user *
    :instances: Multiple



.. osdx:cfgcmd:: service ssh access-control deny

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Deny access to specific roles/users






.. osdx:cfgcmd:: service ssh access-control deny role <id>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>


    :arg id:
        Role


    :instances: Multiple



.. osdx:cfgcmd:: service ssh access-control deny user <txt>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    User



    :ref Reference: system login user *
    :instances: Multiple



.. osdx:cfgcmd:: service ssh cipher <id>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>


    :arg id:
        Ciphers to use for ongoing SSH connections

        It is possible to limit which ciphers will be used for ongoing SSH connections.
        A list of ciphers is accepted, and they will be sorted by their strength (strong-first based
        ordering).


    :instances: List of values



.. osdx:cfgcmd:: service ssh disable-password-authentication

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Disables the login using password authentication






.. osdx:cfgcmd:: service ssh host-key <file>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>


    :arg file:
        Host key used when others connect to us through SSH


    :instances: Multiple



.. osdx:cfgcmd:: service ssh host-key-algorithms <id>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>


    :arg id:
        Specifies the host key algorithms that the server offers


    :instances: List of values



.. osdx:cfgcmd:: service ssh keepalive-count-max <u32>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Number of keepalive messages to be sent without any response from the client

    :arg u32:
        Disables connection termination (0)
    :arg u32:
        Number of messages to be sent (1-65535)





.. osdx:cfgcmd:: service ssh keepalive-interval <u32>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Timeout interval in seconds after which SSH will send a message requesting a response

    :arg u32:
        Seconds (0-65535)





.. osdx:cfgcmd:: service ssh key-exchange <id>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>


    :arg id:
        Specifies the available KEX (Key Exchange) algorithms


    :instances: List of values



.. osdx:cfgcmd:: service ssh listen-address <ipv4|ipv6|id>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Listen address to listen to

    :arg ipv4:
        IP address to listen to
    :arg ipv6:
        IPv6 address to listen to
    :arg hostname:
        Hostname to listen to

    :Local IP address:

    :instances: Multiple



.. osdx:cfgcmd:: service ssh log-level <txt>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Specific log-level to use. Each level logs their own messages and "higher" levels ones

    :arg quiet:
        Log no messages
    :arg fatal:
        Fatal messages
    :arg error:
        Error messages
    :arg info:
        Informational messages
    :arg verbose:
        More informational messages
    :arg debug:
        Debugging messages
    :arg debug2:
        More debugging messages





.. osdx:cfgcmd:: service ssh login-grace-time <u32>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>


    :arg u32:
        The server disconnects after this time (in seconds) if the user has not successfully logged in.

        If the value is 0, there is no time limit. The default is 120 seconds.





.. osdx:cfgcmd:: service ssh mac <id>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>


    :arg id:
        Specifies the available MAC (Message Authentication Code) algorithms

        The MAC algorithm is used for data integrity protection. The algorithms that contain
        "-etm" calculate the MAC after encryption (encrypt-then-mac).  These are considered safer and their
        use recommended.


    :instances: List of values



.. osdx:cfgcmd:: service ssh match

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Match directives to apply a given configuration to specific users or groups






.. osdx:cfgcmd:: service ssh match address <ipv4net|ipv6net>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>


    :arg ipv4net:
        Specific configuration for matched addresses
    :arg ipv6net:
        Specific configuration for matched addresses


    :instances: Multiple



.. osdx:cfgcmd:: service ssh match address <ipv4net|ipv6net> disable-password-authentication

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Disables the login using password authentication






.. osdx:cfgcmd:: service ssh match address <ipv4net|ipv6net> keepalive-count-max <u32>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Number of keepalive messages to be sent without any response from the client

    :arg u32:
        Disables connection termination (0)
    :arg u32:
        Number of messages to be sent (1-65535)





.. osdx:cfgcmd:: service ssh match address <ipv4net|ipv6net> keepalive-interval <u32>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Timeout interval in seconds after which SSH will send a message requesting a response

    :arg u32:
        Seconds (0-65535)





.. osdx:cfgcmd:: service ssh match address <ipv4net|ipv6net> log-level <txt>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Specific log-level to use. Each level logs their own messages and "higher" levels ones

    :arg quiet:
        Log no messages
    :arg fatal:
        Fatal messages
    :arg error:
        Error messages
    :arg info:
        Informational messages
    :arg verbose:
        More informational messages
    :arg debug:
        Debugging messages
    :arg debug2:
        More debugging messages





.. osdx:cfgcmd:: service ssh match host <ipv4|ipv6>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>


    :arg ipv4:
        Specific configuration for matched hosts
    :arg ipv6:
        Specific configuration for matched hosts


    :instances: Multiple



.. osdx:cfgcmd:: service ssh match host <ipv4|ipv6> disable-password-authentication

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Disables the login using password authentication






.. osdx:cfgcmd:: service ssh match host <ipv4|ipv6> keepalive-count-max <u32>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Number of keepalive messages to be sent without any response from the client

    :arg u32:
        Disables connection termination (0)
    :arg u32:
        Number of messages to be sent (1-65535)





.. osdx:cfgcmd:: service ssh match host <ipv4|ipv6> keepalive-interval <u32>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Timeout interval in seconds after which SSH will send a message requesting a response

    :arg u32:
        Seconds (0-65535)





.. osdx:cfgcmd:: service ssh match host <ipv4|ipv6> log-level <txt>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Specific log-level to use. Each level logs their own messages and "higher" levels ones

    :arg quiet:
        Log no messages
    :arg fatal:
        Fatal messages
    :arg error:
        Error messages
    :arg info:
        Informational messages
    :arg verbose:
        More informational messages
    :arg debug:
        Debugging messages
    :arg debug2:
        More debugging messages





.. osdx:cfgcmd:: service ssh match role <id>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>


    :arg id:
        Specific configuration for matched roles


    :instances: Multiple



.. osdx:cfgcmd:: service ssh match role <id> disable-password-authentication

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Disables the login using password authentication






.. osdx:cfgcmd:: service ssh match role <id> keepalive-count-max <u32>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Number of keepalive messages to be sent without any response from the client

    :arg u32:
        Disables connection termination (0)
    :arg u32:
        Number of messages to be sent (1-65535)





.. osdx:cfgcmd:: service ssh match role <id> keepalive-interval <u32>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Timeout interval in seconds after which SSH will send a message requesting a response

    :arg u32:
        Seconds (0-65535)





.. osdx:cfgcmd:: service ssh match role <id> log-level <txt>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Specific log-level to use. Each level logs their own messages and "higher" levels ones

    :arg quiet:
        Log no messages
    :arg fatal:
        Fatal messages
    :arg error:
        Error messages
    :arg info:
        Informational messages
    :arg verbose:
        More informational messages
    :arg debug:
        Debugging messages
    :arg debug2:
        More debugging messages





.. osdx:cfgcmd:: service ssh match user <txt>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Specific configuration for matched users



    :ref Reference: system login user *
    :instances: Multiple



.. osdx:cfgcmd:: service ssh match user <txt> disable-password-authentication

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Disables the login using password authentication






.. osdx:cfgcmd:: service ssh match user <txt> keepalive-count-max <u32>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Number of keepalive messages to be sent without any response from the client

    :arg u32:
        Disables connection termination (0)
    :arg u32:
        Number of messages to be sent (1-65535)





.. osdx:cfgcmd:: service ssh match user <txt> keepalive-interval <u32>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Timeout interval in seconds after which SSH will send a message requesting a response

    :arg u32:
        Seconds (0-65535)





.. osdx:cfgcmd:: service ssh match user <txt> log-level <txt>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Specific log-level to use. Each level logs their own messages and "higher" levels ones

    :arg quiet:
        Log no messages
    :arg fatal:
        Fatal messages
    :arg error:
        Error messages
    :arg info:
        Informational messages
    :arg verbose:
        More informational messages
    :arg debug:
        Debugging messages
    :arg debug2:
        More debugging messages





.. osdx:cfgcmd:: service ssh max-auth-tries <u32>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Maximum number of authentication attempts allowed per connection

    :arg u32:
        Disabled (infinite attempts are allowed) (0)
    :arg u32:
        Trials (1-65535)





.. osdx:cfgcmd:: service ssh port <u32>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    Port for SSH service

    :arg u32:
        Numeric IP port (1-32767)
    :arg u32:
        Numeric IP port (60000-65535)





.. osdx:cfgcmd:: service ssh pubkey-accepted-algorithms <id>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>


    :arg id:
        Specifies the signature algorithms that will be accepted for public key authentication


    :instances: List of values



.. osdx:cfgcmd:: service ssh vrf <id>

    .. raw:: html

        <span class="badge devices-badge" title="AresC640, Atlas840, H5-Auto, H5-Rail, M10-Plus, M10-Smart, M2, M20, RS420, RXL15000, SDE, SDE-11k">Devices</span>

    VRF interface to run SSH on



    :ref Reference: system vrf *