ssh --- .. osdx:cfgcmd:: service ssh .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Secure SHell (SSH) protocol .. osdx:cfgcmd:: service ssh aaa .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k AAA options .. osdx:cfgcmd:: service ssh aaa accounting .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Accounting list name :ref Reference: system aaa list * .. osdx:cfgcmd:: service ssh aaa authentication .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Authentication list name :ref Reference: system aaa list * .. osdx:cfgcmd:: service ssh access-control .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Limit how roles and users can access the system through SSH .. osdx:cfgcmd:: service ssh access-control allow .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Allow access to specific roles/users .. osdx:cfgcmd:: service ssh access-control allow role .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg id: Role :instances: Multiple .. osdx:cfgcmd:: service ssh access-control allow user .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k User :ref Reference: system login user * :instances: Multiple .. osdx:cfgcmd:: service ssh access-control deny .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Deny access to specific roles/users .. osdx:cfgcmd:: service ssh access-control deny role .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg id: Role :instances: Multiple .. osdx:cfgcmd:: service ssh access-control deny user .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k User :ref Reference: system login user * :instances: Multiple .. osdx:cfgcmd:: service ssh cipher .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg id: Ciphers to use for ongoing SSH connections It is possible to limit which ciphers will be used for ongoing SSH connections. A list of ciphers is accepted, and they will be sorted by their strength (strong-first based ordering). :instances: List of values .. osdx:cfgcmd:: service ssh disable-password-authentication .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Disables the login using password authentication .. osdx:cfgcmd:: service ssh host-key .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg file: Host key used when others connect to us through SSH :instances: Multiple .. osdx:cfgcmd:: service ssh host-key-algorithms .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg id: Specifies the host key algorithms that the server offers :instances: List of values .. osdx:cfgcmd:: service ssh keepalive-count-max .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Number of keepalive messages to be sent without any response from the client :arg u32: Disables connection termination (0) :arg u32: Number of messages to be sent (1-65535) .. osdx:cfgcmd:: service ssh keepalive-interval .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Timeout interval in seconds after which SSH will send a message requesting a response :arg u32: Seconds (0-65535) .. osdx:cfgcmd:: service ssh key-exchange .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg id: Specifies the available KEX (Key Exchange) algorithms :instances: List of values .. osdx:cfgcmd:: service ssh listen-address .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Listen address to listen to :arg ipv4: IP address to listen to :arg ipv6: IPv6 address to listen to :arg hostname: Hostname to listen to :Local IP address: :instances: Multiple .. osdx:cfgcmd:: service ssh log-level .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Specific log-level to use. Each level logs their own messages and "higher" levels ones :arg quiet: Log no messages :arg fatal: Fatal messages :arg error: Error messages :arg info: Informational messages :arg verbose: More informational messages :arg debug: Debugging messages :arg debug2: More debugging messages .. osdx:cfgcmd:: service ssh login-grace-time .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg u32: The server disconnects after this time (in seconds) if the user has not successfully logged in. If the value is 0, there is no time limit. The default is 120 seconds. .. osdx:cfgcmd:: service ssh mac .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg id: Specifies the available MAC (Message Authentication Code) algorithms The MAC algorithm is used for data integrity protection. The algorithms that contain "-etm" calculate the MAC after encryption (encrypt-then-mac). These are considered safer and their use recommended. :instances: List of values .. osdx:cfgcmd:: service ssh match .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Match directives to apply a given configuration to specific users or groups .. osdx:cfgcmd:: service ssh match address .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg ipv4net: Specific configuration for matched addresses :arg ipv6net: Specific configuration for matched addresses :instances: Multiple .. osdx:cfgcmd:: service ssh match address disable-password-authentication .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Disables the login using password authentication .. osdx:cfgcmd:: service ssh match address keepalive-count-max .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Number of keepalive messages to be sent without any response from the client :arg u32: Disables connection termination (0) :arg u32: Number of messages to be sent (1-65535) .. osdx:cfgcmd:: service ssh match address keepalive-interval .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Timeout interval in seconds after which SSH will send a message requesting a response :arg u32: Seconds (0-65535) .. osdx:cfgcmd:: service ssh match address log-level .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Specific log-level to use. Each level logs their own messages and "higher" levels ones :arg quiet: Log no messages :arg fatal: Fatal messages :arg error: Error messages :arg info: Informational messages :arg verbose: More informational messages :arg debug: Debugging messages :arg debug2: More debugging messages .. osdx:cfgcmd:: service ssh match host .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg ipv4: Specific configuration for matched hosts :arg ipv6: Specific configuration for matched hosts :instances: Multiple .. osdx:cfgcmd:: service ssh match host disable-password-authentication .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Disables the login using password authentication .. osdx:cfgcmd:: service ssh match host keepalive-count-max .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Number of keepalive messages to be sent without any response from the client :arg u32: Disables connection termination (0) :arg u32: Number of messages to be sent (1-65535) .. osdx:cfgcmd:: service ssh match host keepalive-interval .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Timeout interval in seconds after which SSH will send a message requesting a response :arg u32: Seconds (0-65535) .. osdx:cfgcmd:: service ssh match host log-level .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Specific log-level to use. Each level logs their own messages and "higher" levels ones :arg quiet: Log no messages :arg fatal: Fatal messages :arg error: Error messages :arg info: Informational messages :arg verbose: More informational messages :arg debug: Debugging messages :arg debug2: More debugging messages .. osdx:cfgcmd:: service ssh match role .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg id: Specific configuration for matched roles :instances: Multiple .. osdx:cfgcmd:: service ssh match role disable-password-authentication .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Disables the login using password authentication .. osdx:cfgcmd:: service ssh match role keepalive-count-max .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Number of keepalive messages to be sent without any response from the client :arg u32: Disables connection termination (0) :arg u32: Number of messages to be sent (1-65535) .. osdx:cfgcmd:: service ssh match role keepalive-interval .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Timeout interval in seconds after which SSH will send a message requesting a response :arg u32: Seconds (0-65535) .. osdx:cfgcmd:: service ssh match role log-level .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Specific log-level to use. Each level logs their own messages and "higher" levels ones :arg quiet: Log no messages :arg fatal: Fatal messages :arg error: Error messages :arg info: Informational messages :arg verbose: More informational messages :arg debug: Debugging messages :arg debug2: More debugging messages .. osdx:cfgcmd:: service ssh match user .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Specific configuration for matched users :ref Reference: system login user * :instances: Multiple .. osdx:cfgcmd:: service ssh match user disable-password-authentication .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Disables the login using password authentication .. osdx:cfgcmd:: service ssh match user keepalive-count-max .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Number of keepalive messages to be sent without any response from the client :arg u32: Disables connection termination (0) :arg u32: Number of messages to be sent (1-65535) .. osdx:cfgcmd:: service ssh match user keepalive-interval .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Timeout interval in seconds after which SSH will send a message requesting a response :arg u32: Seconds (0-65535) .. osdx:cfgcmd:: service ssh match user log-level .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Specific log-level to use. Each level logs their own messages and "higher" levels ones :arg quiet: Log no messages :arg fatal: Fatal messages :arg error: Error messages :arg info: Informational messages :arg verbose: More informational messages :arg debug: Debugging messages :arg debug2: More debugging messages .. osdx:cfgcmd:: service ssh max-auth-tries .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Maximum number of authentication attempts allowed per connection :arg u32: Disabled (infinite attempts are allowed) (0) :arg u32: Trials (1-65535) .. osdx:cfgcmd:: service ssh port .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k Port for SSH service :arg u32: Numeric IP port (1-32767) :arg u32: Numeric IP port (60000-65535) .. osdx:cfgcmd:: service ssh pubkey-accepted-algorithms .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k :arg id: Specifies the signature algorithms that will be accepted for public key authentication :instances: List of values .. osdx:cfgcmd:: service ssh vrf .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k VRF interface to run SSH on :ref Reference: system vrf *