ssh
Required Command-Line Mode = Configure
Use the ssh command to enable, disable, and configure the GigaVUE H Series node’s SSH server for access to the Mgmt port.
The ssh command has the following syntax:
ssh
client
ciphers <aes128-cbc | aes128-ctr | aes128-gcm | aes192-ctr | aes256-cbc | aes256-ctr | aes256-gcm>
global <host-key-check <yes | no | ask> | known-host <known host entry>>
user <username> <authorized-key sshv2 <public key> | identity <rsa2 | ecdsa> <generate | private-key
[private key] | public-key <public-key>>| known-host <known host> remove >
server
ciphers <aes128-cbc | aes128-ctr | aes128-gcm | aes192-ctr | aes256-cbc | aes256-ctr | aes256-gcm>
enable
host-key
rsa2 <private-key [private key] | public-key <public-key>>
ecdsa <private-key [private key] | public-key <public-key>>
generate
ports <port> [port] [port] [port]..
The following table describes the arguments for the ssh command:
Argument |
Description |
|||||||||
client ciphers |
Configures the ciphers to be used by the ssh client in the machine. The following ciphers are allowed in classic/legacy mode: aes128-cbc * aes128-ctr aes128-gcm@openssh.com aes192-ctr aes256-cbc* aes256-ctr aes256-gcm@openssh.com Note: The CBC ciphers are disabled in normal mode and are available only in secured crypto mode. You can utilize the CTR ciphers in normal mode. The following ciphers are allowed in secured crypto mode: aes128-cbc aes128-gcm@openssh.com aes256-cbc aes256-gcm@openssh.com |
|||||||||
client global <host-key-check <yes | no | ask>> |
Sets SSH client configuration to control how host key checking is done, as follows:
For example: (config) # ssh client global host-key-check yes |
|||||||||
client global <known-host <known host entry>> |
Adds an entry to the global known-hosts configuration file. |
|||||||||
client user <username> <authorized-key sshv2 <public key>> |
Adds the specified key to the list of authorized SSHv2 RSA or DSA public keys for this user account. |
|||||||||
client user <username> <identity <rsa2 | ecdsa> generate>> |
Generates a new identity (private and public keys) for the specified user. When the keys are generated, the private key is written to the user's .ssh directory in a file, for example, id_dsa. The rsa2 and ecdsa arguments specify generation of ECDSA and RSA v2 keys for SSHv2. |
|||||||||
client user <username> <identity <rsa2 | ecdsa> <private-key [private key] | public-key <public-key>> |
Specifies the public or private key (of the specified type) for the specified user. This is an alternative to generating the key. The rsa2 and ecdsa arguments specify generation of RSA v2 and ECDSA keys for SSHv2. If private-key or public-key is specified without a key, the user is prompted for the key. |
|||||||||
client user <username> <known-host <known host> remove> |
Removes a known host from a specified user’s .ssh known_hosts file. |
|||||||||
server enable |
Enables the SSH server on the GigaVUE H Series node for connections to the Mgmt port. You can also disable SSH access with the no ssh server enable command. For example: (config) # ssh server enable |
|||||||||
server ciphers |
Configures the ciphers in the sshd server running in our device. The following ciphers are allowed in the classic/legacy mode : aes128-cbc aes128-ctr aes128-gcm@openssh.com aes192-ctr aes256-cbc aes256-ctr aes256-gcm@openssh.com
The following ciphers are allowed in the secured crypto mode: aes128-cbc aes128-gcm@openssh.com aes256-cbc aes256-gcm@openssh.com |
|||||||||
server host-key |
Changes the SSH server host keys provided with the GigaVUE H Series node, as follows:
For example, to generate new RSA and DSA host keys for SSH: (config) # ssh server host-key generate For example, to set a new private-key for host keys of type rsa2: (config) # ssh server host-key rsa2 private-key You will be prompted to enter the key. |
|||||||||
server ports <port> [port] [port] [port].. |
Specifies the TCP port(s) on which the SSH server listens. Multiple ports can be specified. The default is 22. For example: (config) # ssh server ports 23 |
Related Commands
The following table summarizes other commands related to the ssh command:
Task |
Command |
Displays SSH client settings. |
# show ssh client |
Displays SSH server settings. |
# show ssh server |
Displays SSH server settings with full host keys. |
# show ssh server host-keys |
Resets global SSH client host key check settings. |
(config) # no ssh client global host-key-check |
Deletes a global SSH client known host entry by host. |
(config) # no ssh client global known-host <known-host-entry> |
Deletes a public key from an authorized key list for a specified user. |
(config) # no ssh client user monitor authorized-key sshv2 <public key ID> |
Deletes all SSH client identity keys for a specified user. |
(config) # no ssh client user monitor identity |
Deletes SSH client identity keys for a specified user and for a specified type of identity. |
(config) # no ssh client user monitor identity rsa2 |
Disables the SSH server. |
(config) # no ssh server enable |
Note: GigaVUE‑HC2 and GigaVUE-HC2-Plus devices have 4GB RAM and can go into a low memory condition when the devices have scaled conditions. It is always recommended not to have more than two ssh sessions on the device.