ssh
Required Command-Line Mode = Configure
Use the ssh command to enable, disable, and configure the GigaVUE® HC Series node’s SSH server for access to the Mgmt port.
The ssh command has the following syntax:
ssh
   client
      ciphers <aes128-cbc | aes128-ctr | aes128-gcm@openssh.com | aes192-ctr | aes256-cbc | aes256-ctr | aes256-gcm@openssh.com>
      global <host-key-check <yes | no | ask> | known-host <known host entry>>
      hostkey-algo <ecdsa-sha2-nistp256 | ecdsa-sha2-nistp384 | ecdsa-sha2-nistp521 | rsa-sha2-256 | rsa-sha2-512>
      kex <diffie-hellman-group14-sha256 | ecdh-sha2-nistp256 | ecdh-sha2-nistp384 | ecdh-sha2-nistp521>
      macs <hmac-sha2-256 | hmac-sha2-512>
      user <username> <authorized-key sshv2 <public key> | identity <rsa2 | ecdsa> <generate | private-key [private key] | public-key <public-key>> | known-host <known host> remove>
   server
      ciphers <aes128-cbc | aes128-ctr | aes128-gcm@openssh.com | aes192-ctr | aes256-cbc | aes256-ctr | aes256-gcm@openssh.com>
      enable
      host-key
         rsa2 <private-key [private key] | public-key <public-key>>
         ecdsa <private-key [private key] | public-key <public-key>>
         generate
      hostkey-algo <rsa-sha2-256 | rsa-sha2-512>
      kex <diffie-hellman-group14-sha256 | ecdh-sha2-nistp256 | ecdh-sha2-nistp384 | ecdh-sha2-nistp521>
      macs <hmac-sha2-256 | hmac-sha2-512>
      ports <port> [port] [port] [port]..
The following table describes the arguments for the ssh command:
Argument |
Description |
|||||||||
client ciphers |
Configures the ciphers used by the SSH client on the node. The following ciphers are allowed in the "classic mode":
Note: The CBC ciphers are disabled in normal mode and are available only in "secure crypto mode". You can utilize the CTR ciphers in normal mode.
The following ciphers are allowed in the "secure crypto mode":
The following ciphers are allowed in the "FIPS mode":
|
|||||||||
client global <host-key-check <yes | no | ask>> |
Sets SSH client configuration to control how host key checking is done, as follows:
For example: (config) # ssh client global host-key-check yes |
|||||||||
client global <known-host <known host entry>> |
Adds an entry to the global known-hosts configuration file. |
|||||||||
client hostkey-algo |
Configures the host key algorithms used by the SSH client on the node. The following host key algorithms are allowed in the "classic mode":
The following host key algorithms are allowed in the "secure crypto mode":
The following host key algorithms are allowed in the "FIPS mode":
|
|||||||||
client kex |
Configures the key exchange (kex) algorithms used by the SSH client on the node. The following kex algorithms are allowed in the "classic mode":
The following kex algorithms are allowed in the "secure crypto mode":
The following kex algorithms are allowed in the "FIPS mode":
|
|||||||||
client macs |
Configures the MACs used by the SSH client on the node. The following MACs are allowed in the "classic mode":
The following MACs are allowed in the "secure crypto mode":
The following MACs are allowed in the "FIPS mode":
|
|||||||||
client user <username> <authorized-key sshv2 <public key>> |
Adds the specified key to the list of authorized SSHv2 RSA or DSA public keys for this user account. |
|||||||||
client user <username> <identity <rsa2 | ecdsa> generate> |
Generates a new identity (private and public keys) for the specified user. When the keys are generated, the private key is written to a file in the user's .ssh directory, for example, id_dsa. The rsa2 and ecdsa arguments specify generation of RSA v2 and ECDSA keys for SSHv2, respectively. |
|||||||||
client user <username> <identity <rsa2 | ecdsa> <private-key [private key] | public-key <public-key>>> |
Specifies the public or private key (of the specified type) for the specified user. This is an alternative to generating the key. The rsa2 and ecdsa arguments specify generation of RSA v2 and ECDSA keys for SSHv2. If private-key or public-key is specified without a key, the user is prompted for the key. |
|||||||||
client user <username> <known-host <known host> remove> |
Removes a known host from a specified user’s .ssh known_hosts file. |
|||||||||
server enable |
Enables the SSH server on the GigaVUE HC Series node for connections to the Mgmt port. You can also disable SSH access with the no ssh server enable command. For example: (config) # ssh server enable |
|||||||||
server ciphers |
Configures the ciphers used by the SSH server running on the node. The following ciphers are allowed in the "classic mode":
The following ciphers are allowed in the "secure crypto mode":
The following ciphers are allowed in the "FIPS mode":
|
|||||||||
server host-key |
Changes the SSH server host keys provided with the GigaVUE HC Series node, as follows:
For example, to generate new RSA and DSA host keys for SSH:
(config) # ssh server host-key generate
For example, to set a new private-key for host keys of type rsa2:
(config) # ssh server host-key rsa2 private-key
You will be prompted to enter the key. |
|||||||||
server hostkey-algo |
Configures the host key algorithms used by the SSH server on the node. The following host key algorithms are allowed in the "classic mode":
The following host key algorithm is allowed in the "secure crypto mode":
The following host key algorithm is allowed in the "FIPS mode":
|
|||||||||
server kex |
Configures the key exchange (kex) algorithms used by the SSH server on the node. The following kex algorithms are allowed in the "classic mode": diffie-hellman-group14-sha256
The following kex algorithms are allowed in the "secure crypto mode":
The following kex algorithms are allowed in the "FIPS mode":
|
|||||||||
server macs |
Configures the MACs used by the SSH server on the node. The following MACs are allowed in the "classic mode":
The following MACs are allowed in the "secure crypto mode":
The following MACs are allowed in the "FIPS mode":
|
|||||||||
server ports <port> [port] [port] [port].. |
Specifies the TCP port(s) on which the SSH server listens. Multiple ports can be specified. The default is 22. For example: (config) # ssh server ports 23 |
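To confirm that a node's SSH server advertises only what was set with the server ciphers, kex, macs and hostkey-algo arguments, the following added example (not Gigamon code and not part of the original page) parses an SSH_MSG_KEXINIT payload as defined in RFC 4253 and compares it with the names in this page's server syntax. The function names and the sample payload are constructed for illustration, and capturing the payload from a live node is assumed to happen elsewhere.

```python
# Server-side names taken from the "ssh server" syntax on this page.
CONFIGURABLE = {
    "kex": {"diffie-hellman-group14-sha256", "ecdh-sha2-nistp256",
            "ecdh-sha2-nistp384", "ecdh-sha2-nistp521"},
    "hostkey-algo": {"rsa-sha2-256", "rsa-sha2-512"},
    "ciphers": {"aes128-cbc", "aes128-ctr", "aes128-gcm@openssh.com", "aes192-ctr",
                "aes256-cbc", "aes256-ctr", "aes256-gcm@openssh.com"},
    "macs": {"hmac-sha2-256", "hmac-sha2-512"},
}
# Protocol-extension markers that appear in the kex list but are not algorithms.
MARKERS = {"ext-info-s", "kex-strict-s-v00@openssh.com"}

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1)."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, lists = 17, []                      # skip message type + 16-byte cookie
    for _ in range(10):                      # ten length-prefixed name-lists follow
        n = int.from_bytes(payload[off:off + 4], "big")
        raw = payload[off + 4:off + 4 + n]
        if len(payload) < off + 4 or len(raw) != n:
            raise ValueError("truncated name-list")
        lists.append(raw.decode("ascii").split(",") if raw else [])
        off += 4 + n
    merge = lambda a, b: list(dict.fromkeys(a + b))   # both directions, deduplicated
    return {"kex": [k for k in lists[0] if k not in MARKERS], "hostkey-algo": lists[1],
            "ciphers": merge(lists[2], lists[3]), "macs": merge(lists[4], lists[5])}

def audit(offered: dict) -> list:
    """Return findings for names outside the page's sets, plus CBC ciphers."""
    findings = []
    for cat, names in offered.items():
        for name in names:
            if name not in CONFIGURABLE[cat]:
                findings.append(f"{cat}: {name} is outside the configurable set")
            elif name.endswith("-cbc"):
                findings.append(f"{cat}: {name} is CBC; check it against the crypto mode")
    return findings

def build_kexinit(kex, hostkey, ciphers, macs) -> bytes:
    """Build a constructed KEXINIT payload for offline testing."""
    nl = lambda names: len(",".join(names)).to_bytes(4, "big") + ",".join(names).encode("ascii")
    lists = (kex, hostkey, ciphers, ciphers, macs, macs, ["none"], ["none"], [], [])
    return bytes([20]) + bytes(16) + b"".join(map(nl, lists)) + b"\x00" + bytes(4)

# Constructed sample: a server offering three names the page's syntax does not list.
SAMPLE = build_kexinit(["ecdh-sha2-nistp256", "diffie-hellman-group1-sha1", "ext-info-s"],
                       ["rsa-sha2-512", "ssh-rsa"], ["aes256-ctr", "aes128-cbc"],
                       ["hmac-sha2-256", "hmac-sha1"])
```

Calling audit(parse_kexinit(SAMPLE)) returns one finding per unexpected name; an empty list means every advertised name is one the server syntax above can configure.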
Related Commands
The following table summarizes other commands related to the ssh command:
Task |
Command |
Displays SSH client settings. |
# show ssh client |
Displays SSH server settings. |
# show ssh server |
Displays SSH server settings with full host keys. |
# show ssh server host-keys |
Resets global SSH client host key check settings. |
(config) # no ssh client global host-key-check |
Deletes the client SSH configurations and resets them to the default values. |
(config) # no ssh client <ciphers/kex/macs/hostkey-algo> |
Deletes the server SSH configurations and resets them to the default values. |
(config) # no ssh server <ciphers/kex/macs/hostkey-algo> |
Deletes a global SSH client known host entry by host. |
(config) # no ssh client global known-host <known-host-entry> |
Deletes a public key from an authorized key list for a specified user. |
(config) # no ssh client user monitor authorized-key sshv2 <public key ID> |
Deletes all SSH client identity keys for a specified user. |
(config) # no ssh client user monitor identity |
Deletes SSH client identity keys for a specified user and for a specified type of identity. |
(config) # no ssh client user monitor identity rsa2 |
Disables the SSH server. |
(config) # no ssh server enable |