SSH Configuration Mode Commands

The Secure Shell Configuration Mode is used to manage the SSH server options for the current context.

IMPORTANT:

You must use the ssh generate key command in Context Configuration Mode to generate the sshd keys before you can configure the sshd server.

IMPORTANT:

The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).

authorized-key

Sets or removes a user name having authorized keys for access to the sshd server in the current context.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
authorized-key username user_name host host_name [ type { v2-dsa | v2-rsa } ]
default

Resets the parameter to the default value.

username

Sets a username as having authorized keys for access to the sshd server.

user_name

Specifies the username entered as an alphanumeric string of 1 through 255 characters.

host

Associates an SSH host having the authorization keys for the username.

host_name

Specifies the host name entered as an alphanumeric string of 1 through 255 characters.

[ type { v2-dsa | v2-rsa } ]

Restricts access to a single type of SSH authorization key; if this keyword is omitted, all key types are accepted. The options are: v2-dsa (SSHv2 Digital Signature Algorithm), or v2-rsa (SSHv2 Rivest, Shamir and Adleman).


Usage:

Use this command to set a username with authorized keys for access to the sshd server within the current context.


Example:
The following command specifies that username dbailey with authorization keys at sshserver can access the system with all types of authorization keys:
authorized-key username dbailey host sshserver

end

Exits the current configuration mode and returns to the Exec mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
end

Usage:

Use this command to return to the Exec mode.

exit

Exits the current mode and returns to the parent configuration mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
exit

Usage:

Use this command to return to the parent configuration mode.

listen

Configures the SSH server in the current context to only listen for connections from the interface with the specified IP address. The default behavior is to listen on all interfaces.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
listen ip_address
no listen
no

Disable listening for a specific interface address and enable listening on all interfaces.

ip_address

Enables listening only on the interface with the specified IP address. ip_address must be entered using IPv4 dotted-decimal notation.


Usage:

Use this command to configure the SSH server for the current context to only listen for connections from the interface with the specified IP address. Only one IP address may be set for listening.


Example:
The following command specifies that the server should only listen for connections on the interface with the IP address of 192.168.0.10:
listen 192.168.0.10

max servers

Configures the maximum number of SSH servers that can be started within any 60-second interval. If this limit is reached, the system waits two minutes before trying to start any more servers.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
max servers number
number

Default: 40

Specifies the maximum number of servers that can be spawned in any 60-second interval. number must be an integer from 1 through 100.


Usage:

Set the number of servers to tune the system response; a heavily loaded system may need more servers to support the incoming requests.

Conversely, a system can benefit from reducing the number of servers so that telnet services do not cause excessive system impact to other services.


Example:
max servers 50

subsystem

Configures the system to perform file transfers using secure FTP (SFTP) over ssh v2. Administrator users must be configured with the FTP attribute privilege to issue this command.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] subsystem { cli | sftp }
no

Disables either the SFTP ssh file transfer method or disables access to the CLI via ssh.

cli

Default: Enabled

Configures the SSH system for the current context to allow access to the CLI.

sftp

Default: Disabled

Enables the SSH system for the current context to perform file transfers using secure FTP (SFTP) over ssh v2.


Usage:

Use this command to enable or disable file transfers using secure ftp over an ssh v2 tunnel.

Also use this command to enable or disable access to the CLI over an SSH connection.


Example:
The following command enables SFTP for the current context:
subsystem sftp
The following command disables access to the CLI through an SSH session for the current context:
no subsystem cli
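
The following Python check is an added example, not part of the product documentation. It reads the lines of an SSH Configuration Mode block and reports the effective settings using the syntax, ranges and defaults described above. The function name audit_ssh_mode and the sample lines are assumptions made for illustration; user and host names are checked for length only, and forms that the Syntax lines do not show are reported as unrecognized.

```python
import ipaddress

KEY_TYPES = ("v2-dsa", "v2-rsa")

def audit_ssh_mode(lines):
    """Return (effective settings, findings); settings start at the documented defaults."""
    eff = {"listen": None, "max_servers": 40, "cli": True, "sftp": False, "keys": []}
    findings = []
    for raw in lines:
        tok = raw.split()
        if not tok or tok in (["end"], ["exit"]):
            continue
        no = tok[0] == "no"
        rest = tok[1:] if no else tok
        if not no and rest[:1] == ["authorized-key"]:
            ktype = rest[6] if len(rest) == 7 else None
            ok = (len(rest) in (5, 7) and rest[1] == "username" and rest[3] == "host"
                  and len(rest[2]) <= 255 and len(rest[4]) <= 255
                  and (ktype is None or (rest[5] == "type" and ktype in KEY_TYPES)))
            if not ok:
                findings.append(f"invalid authorized-key syntax: {raw.strip()}")
                continue
            eff["keys"].append((rest[2], rest[4], ktype or "any"))
            if ktype is None:
                findings.append(f"{rest[2]}@{rest[4]}: no type set, all key types accepted")
        elif no and rest == ["listen"]:
            eff["listen"] = None  # back to listening on all interfaces
        elif not no and rest[:1] == ["listen"] and len(rest) == 2:
            try:
                eff["listen"] = str(ipaddress.IPv4Address(rest[1]))
            except ValueError:
                findings.append(f"listen address is not IPv4 dotted-decimal: {rest[1]}")
        elif not no and rest[:2] == ["max", "servers"] and len(rest) == 3:
            if rest[2].isdecimal() and 1 <= int(rest[2]) <= 100:
                eff["max_servers"] = int(rest[2])
            else:
                findings.append(f"max servers out of range 1-100: {rest[2]}")
        elif rest[:1] == ["subsystem"] and rest[1:] in (["cli"], ["sftp"]):
            eff[rest[1]] = not no
        else:
            findings.append(f"unrecognized line: {raw.strip()}")
    if eff["listen"] is None:
        findings.append("no listen address: sshd listens on all interfaces")
    return eff, findings

# Constructed sample input, not taken from a real device.
SAMPLE = ["authorized-key username dbailey host sshserver",
          "authorized-key username ops host jumphost type v2-rsa",
          "max servers 150", "subsystem sftp", "no subsystem cli"]
```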