SSH Configuration Mode Commands


 
The Secure Shell Configuration Mode is used to manage the SSH server options for the current context.
 
 
end
Exits the SSH server configuration mode and returns to the Exec mode.
Product
All
Privilege
Administrator, Config-administrator
Syntax
end
Usage
Change the mode back to the Exec mode.
 
exit
Exits the secure shell server configuration mode and returns to the context configuration mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
exit
Usage
Return to the context configuration mode.
 
listen
This command configures the SSH server in the current context to only listen for connections from the interface with the specified IP address. The default behavior is to listen on all interfaces.
Product
All
Privilege
Security Administrator, Administrator
Syntax
listen ip_address
no listen
no
Disable listening for a specific interface address and enable listening on all interfaces.
Usage
Use this command to configure the SSH server for the current context to only listen for connections from the interface with the specified IP address. Only one IP address may be set for listening.
Example
The following command specifies that the server should only listen for connections on the interface with the IP address 192.168.0.10:
listen 192.168.0.10
 
max servers
Configures the maximum number of SSH servers that can be started within any 60 second interval. If this limit is reached, the system waits two minutes before trying to start any more servers.
Product
All
Privilege
Security Administrator, Administrator
Syntax
max servers number
number
Default: 40
Specifies the maximum number of servers that can be spawned in any 60 second interval. number must be a value in the range from 1 to 100.
Usage
Set the number of servers to tune the system response: a heavily loaded system may need more servers to support the incoming requests.
Conversely, a system can benefit from reducing the number of servers so that telnet services do not cause excessive impact on other services.
Example
max servers 50
 
subsystem
Configures the system to perform file transfers using secure ftp (sftp) over ssh v2. Administrator users must be configured with the ftp attribute privilege to issue this command.
Product
All
Privilege
Security Administrator, Administrator
Syntax
subsystem { cli | sftp }
no subsystem { cli | sftp }
no
Disables either the sftp file transfer method over SSH or access to the CLI over SSH.
cli
Default: Enabled
Configures the SSH system for the current context to allow access to the CLI.
sftp
Default: Disabled
Enables the SSH system for the current context to perform file transfers using secure ftp (sftp) over ssh v2.
Usage
Use this command to enable or disable file transfers using secure ftp over an ssh v2 tunnel.
Also use this command to enable or disable access to the CLI over an SSH connection.
Example
The following command enables SFTP for the current context:
subsystem sftp
The following command disables access to the CLI through an SSH session for the current context:
no subsystem cli
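The following Python script is an added example, not part of the original documentation. It checks saved SSH configuration mode lines against the syntax, ranges and defaults documented above and reports the effective settings. The name audit_sshd, the sample lines and the review findings it flags (listening on all interfaces, sftp enabled, both subsystems disabled) are assumptions of this example.

```python
import ipaddress

# Defaults as documented on this page.
DEFAULTS = {"listen": None, "max_servers": 40, "cli": True, "sftp": False}

# Constructed sample of SSH configuration mode lines (not from a real device).
SAMPLE = ["listen 192.168.0.10", "max servers 50", "subsystem sftp"]

def audit_sshd(lines):
    """Return (effective settings, findings) for SSH configuration mode lines."""
    state, findings = dict(DEFAULTS), []
    for raw in lines:
        tok = raw.split()
        if not tok or tok[0] in ("end", "exit"):
            continue
        negate = tok[0] == "no"
        if negate:
            tok = tok[1:]
        if tok[:1] == ["listen"]:
            if negate:
                state["listen"] = None  # "no listen": back to all interfaces
            else:
                try:
                    (addr,) = tok[1:]  # only one IP address may be set
                    state["listen"] = str(ipaddress.ip_address(addr))
                except ValueError:
                    findings.append("invalid listen line: " + raw.strip())
        elif tok[:2] == ["max", "servers"] and len(tok) == 3 and not negate:
            if tok[2].isdigit() and 1 <= int(tok[2]) <= 100:
                state["max_servers"] = int(tok[2])
            else:
                findings.append("max servers outside 1-100: " + raw.strip())
        elif tok[:1] == ["subsystem"] and tok[1:] in (["cli"], ["sftp"]):
            state[tok[1]] = not negate  # later lines override earlier ones
        else:
            findings.append("unrecognised line: " + raw.strip())
    # Review policy assumed for this example, not stated by the page.
    if state["listen"] is None:
        findings.append("listening on all interfaces")
    if state["sftp"]:
        findings.append("sftp subsystem enabled")
    if not (state["cli"] or state["sftp"]):
        findings.append("cli and sftp both disabled")
    return state, findings

if __name__ == "__main__":
    state, findings = audit_sshd(SAMPLE)
    print(state)
    print(findings)
```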
 
 

Cisco Systems Inc.