SSH Parameters

Secure Shell (SSH) parameters are described in the table below.

SSH Parameters

Parameter

Description

'Enable SSH Server'

configure system > cli-settings > ssh

[SSHServerEnable]

Enables the device's embedded SSH server.

[0] Check box cleared = Disabled.
[1] Check box selected = (Default) Enabled.

'Public Key'

configure system > cli-settings > ssh-require-public-key

[SSHRequirePublicKey]

Enables RSA or ECDSA public keys for SSH.

[0] Check box cleared = (Default) Disabled. RSA or ECDSA public keys are optional if a public key is configured.
[1] Check box selected = Enabled. RSA or ECDSA public keys are mandatory.

Note:

Public keys are configured per management user in the Local Users table (see Configuring Local Management User Accounts).
To define the key size, use the [TLSPkeySize] parameter.

'Max Payload Size'

ssh-max-payload-size

[SSHMaxPayloadSize]

Defines the maximum uncompressed payload size (in bytes) for SSH packets.

The valid value is 550 to 32768. The default is 32768.

'Max Binary Packet Size'

configure system > cli-settings > ssh-max-binary-packet-size

[SSHMaxBinaryPacketSize]

Defines the maximum packet size (in bytes) for SSH packets.

The valid value is 582 to 35000. The default is 35000.

'Maximum SSH Sessions'

configure system > cli-settings > ssh-max-sessions

[SSHMaxSessions]

Defines the maximum number of simultaneous SSH sessions.

The valid range is 1 to 5. The default is 5.

'Enable Last Login Message'

configure system > cli-settings > ssh-last-login-message

[SSHEnableLastLoginMessage]

Enables the display, in SSH sessions, of a message showing the time and date of the last SSH login. The message also shows the number of unsuccessful login attempts since the last successful login.

[0] Check box cleared = Disabled.
[1] Check box selected = (Default) Enabled.

Note: The last SSH login information is cleared when the device restarts.

'Max Login Attempts'

configure system > cli-settings > ssh-max-login-attempts

[SSHMaxLoginAttempts]

Defines the maximum number of SSH login attempts with an incorrect password that an administrator is allowed before the SSH session is rejected.

The valid range is 1 to 5. The default is 3.

Note: The new setting takes effect only for subsequent SSH connections.

'Kex Algorithms String'

configure system > cli-settings > ssh-kex-algorithms-string

[SSHKexAlgorithmsString]

Defines the SSH Key Exchange Algorithms.

The valid values include:

diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256

You can configure the parameter with multiple values, using the colon (:) as a separator. For example, diffie-hellman-group1-sha1:diffie-hellman-group-exchange-sha256.

The default is curve25519-sha256:ecdh-sha2-nistp256:ecdh-sha2-nistp384:ecdh-sha2-nistp521:diffie-hellman-group-exchange-sha256:diffie-hellman-group16-sha512:diffie-hellman-group14-sha256:diffie-hellman-group14-sha1.

'Ciphers String'

configure system > cli-settings > ssh-ciphers-string

[SSHCiphersString]

Defines the SSH cipher string.

The valid values include:

aes128-ctr
aes128-cbc
aes256-ctr
aes256-cbc

You can configure the parameter with multiple values, using the colon (:) as a separator. For example, aes128-ctr:aes128-cbc.

The default is aes128-ctr:aes128-cbc.

'MACs String'

configure system > cli-settings > ssh-macs-string

[SSHMACsString]

Defines the SSH MAC algorithms.

The valid values include:

hmac-sha1
hmac-sha2-256

You can configure the parameter with both values using the colon (:) as a separator, for example, hmac-sha1:hmac-sha2-256.

The default is hmac-sha1:hmac-sha2-256.
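
The 'Kex Algorithms String', 'Ciphers String' and 'MACs String' parameters share one colon-separated format, so a single check can audit all three. The Python below is an added example, not vendor code: it validates a configured string against the valid values listed on this page and reports entries that the example treats as weak. The WEAK table and the audit function are assumptions of this example, not vendor recommendations.

```python
# Added example (not vendor code). VALID mirrors this page's value lists;
# WEAK is this example's own assumption about which entries to drop.
VALID = {
    "SSHKexAlgorithmsString": {
        "diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha1",
        "diffie-hellman-group1-sha1", "diffie-hellman-group14-sha256",
        "diffie-hellman-group16-sha512", "ecdh-sha2-nistp256",
        "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "curve25519-sha256"},
    "SSHCiphersString": {"aes128-ctr", "aes128-cbc", "aes256-ctr", "aes256-cbc"},
    "SSHMACsString": {"hmac-sha1", "hmac-sha2-256"},
}
WEAK = {
    "diffie-hellman-group1-sha1": "1024-bit group, SHA-1",
    "diffie-hellman-group14-sha1": "SHA-1 in key exchange",
    "aes128-cbc": "CBC mode", "aes256-cbc": "CBC mode",
    "hmac-sha1": "SHA-1 based MAC",
}
# Default strings exactly as stated on this page.
DEFAULTS = {
    "SSHKexAlgorithmsString": (
        "curve25519-sha256:ecdh-sha2-nistp256:ecdh-sha2-nistp384:"
        "ecdh-sha2-nistp521:diffie-hellman-group-exchange-sha256:"
        "diffie-hellman-group16-sha512:diffie-hellman-group14-sha256:"
        "diffie-hellman-group14-sha1"),
    "SSHCiphersString": "aes128-ctr:aes128-cbc",
    "SSHMACsString": "hmac-sha1:hmac-sha2-256",
}

def audit(param, value):
    """Return (unknown, weak, hardened) for one colon-separated setting."""
    names = [n.strip() for n in value.split(":") if n.strip()]
    unknown = [n for n in names if n not in VALID[param]]
    weak = [(n, WEAK[n]) for n in names if n in VALID[param] and n in WEAK]
    # Keep configured order; drop unknown, weak and duplicate entries.
    kept = [n for n in names if n in VALID[param] and n not in WEAK]
    return unknown, weak, ":".join(dict.fromkeys(kept))

if __name__ == "__main__":
    for param, value in DEFAULTS.items():
        unknown, weak, hardened = audit(param, value)
        print(f"[{param}]")
        for name in unknown:
            print(f"  not a valid value on this page: {name}")
        for name, reason in weak:
            print(f"  weak: {name} ({reason})")
        print(f"  suggested: {hardened or '(nothing left, review manually)'}")
```

Removing an algorithm can lock out older SSH clients that support nothing else, so confirm client support before applying a shortened string.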