SSH Parameters

Secure Shell (SSH) parameters are described in the table below.

SSH Parameters

Parameter

Description

'Enable SSH Server'

configure system > cli-settings > ssh

[SSHServerEnable]

Enables the device's embedded SSH server.

[0] Disable
[1] Enable (default)

'Redundant Device Server Port'

configure system > cli-settings > ssh-red-device-port

[SSHRedundantProxyPort]

Defines the proxy SSH port number on the active device. This port is used to access the redundant device's embedded SSH server from the active device, in order to download files from the redundant device.

The valid value is any valid port number. The default port is 0 (i.e., disabled).

Note:

The parameter is applicable only when the device is in HA mode.
The port number must be different from the regular SSH port number, which is configured by the SSHServerPort parameter.

'Public Key'

configure system > cli-settings > ssh-require-public-key

[SSHRequirePublicKey]

Enables RSA or ECDSA public keys for SSH.

[0] Disable = (Default) RSA or ECDSA public keys are optional if a public key is configured.
[1] Enable = RSA or ECDSA public keys are mandatory.

Note:

Public keys are configured per management user in the Local Users table (see Configuring Management User Accounts).
To define the key size, use the [TLSPkeySize] parameter.

'Max Payload Size'

ssh-max-payload-size

[SSHMaxPayloadSize]

Defines the maximum uncompressed payload size (in bytes) for SSH packets.

The valid value is 550 to 32768. The default is 32768.

'Max Binary Packet Size'

configure system > cli-settings > ssh-max-binary-packet-size

[SSHMaxBinaryPacketSize]

Defines the maximum packet size (in bytes) for SSH packets.

The valid value is 582 to 35000. The default is 35000.

'Maximum SSH Sessions'

configure system > cli-settings > ssh-max-sessions

[SSHMaxSessions]

Defines the maximum number of simultaneous SSH sessions.

The valid range is 1 to 5. The default is 5.

'Enable Last Login Message'

configure system > cli-settings > ssh-last-login-message

[SSHEnableLastLoginMessage]

Enables the display, in SSH sessions, of a message showing the time and date of the last SSH login. The message also displays the number of unsuccessful login attempts since the last successful login.

[0] Disable
[1] Enable (default)

Note: The last SSH login information is cleared when the device restarts.

'Max Login Attempts'

configure system > cli-settings > ssh-max-login-attempts

[SSHMaxLoginAttempts]

Defines the maximum number of SSH login attempts in which an administrator can enter an incorrect password before the SSH session is rejected.

The valid range is 1 to 5. The default is 3.

Note: The new setting takes effect only for new SSH connections.

'Kex Algorithms String'

configure system > cli-settings > ssh-kex-algorithms-string

[SSHKexAlgorithmsString]

Defines the SSH Key Exchange Algorithms.

The valid values include:

diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1

You can configure the parameter with multiple values, using the colon (:) as a separator. For example, diffie-hellman-group1-sha1:diffie-hellman-group-exchange-sha256.

The default is diffie-hellman-group1-sha1:diffie-hellman-group-exchange-sha256.

'Ciphers String'

configure system > cli-settings > ssh-ciphers-string

[SSHCiphersString]

Defines the SSH cipher string.

The valid values include:

aes128-ctr
aes128-cbc
aes256-ctr
aes256-cbc

You can configure the parameter with multiple values, using the colon (:) as a separator. For example, aes128-ctr:aes128-cbc.

The default is aes128-ctr:aes128-cbc.

'MACs String'

configure system > cli-settings > ssh-macs-string

[SSHMACsString]

Defines the SSH MAC algorithms.

The valid value is hmac-sha1 or hmac-sha2-256. You can configure the parameter with both values using the colon (:) as a separator, for example, hmac-sha1:hmac-sha2-256.

The default is hmac-sha1:hmac-sha2-256.
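
The following audit script is an added example, not part of the vendor's documentation or software. It checks a set of SSH parameter values against the ranges and algorithm lists in the table above. The "Name = 'value'" input format, the sample values, and the LEGACY policy set (which flags the 1024-bit group1 key exchange and CBC-mode ciphers) are assumptions of the example.

```python
RANGES = {  # valid ranges documented in the table above
    "SSHMaxPayloadSize": (550, 32768), "SSHMaxBinaryPacketSize": (582, 35000),
    "SSHMaxSessions": (1, 5), "SSHMaxLoginAttempts": (1, 5),
}
VALID = {  # valid algorithm names documented in the table above
    "SSHKexAlgorithmsString": {"diffie-hellman-group-exchange-sha256",
                               "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"},
    "SSHCiphersString": {"aes128-ctr", "aes128-cbc", "aes256-ctr", "aes256-cbc"},
    "SSHMACsString": {"hmac-sha1", "hmac-sha2-256"},
}
# Assumption (example's policy, not the page's): flag 1024-bit group1 KEX and CBC ciphers.
LEGACY = {"diffie-hellman-group1-sha1", "aes128-cbc", "aes256-cbc"}

# Constructed sample; the "Name = 'value'" line format is an assumption.
SAMPLE = """\
SSHServerPort = 22
SSHRedundantProxyPort = 22
SSHMaxSessions = 8
SSHKexAlgorithmsString = 'diffie-hellman-group1-sha1:diffie-hellman-group-exchange-sha256'
SSHCiphersString = 'aes128-ctr:aes128-cbc'
"""

def parse(text):
    """Return {name: value} from 'Name = value' lines, stripping quotes."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip().strip("'\"") for k, v in pairs}

def audit(cfg):
    """Return a list of (parameter, problem) tuples for the given settings."""
    out = []
    for name, (lo, hi) in RANGES.items():
        val = cfg.get(name)
        if val is not None and not (val.isdigit() and lo <= int(val) <= hi):
            out.append((name, f"value {val!r} is outside {lo}..{hi}"))
    for name, valid in VALID.items():
        for alg in filter(None, cfg.get(name, "").split(":")):
            if alg not in valid:
                out.append((name, f"{alg!r} is not a documented value"))
            elif alg in LEGACY:
                out.append((name, f"legacy algorithm {alg!r} is enabled"))
    # A non-zero redundant-device port must differ from the regular SSH port.
    red = cfg.get("SSHRedundantProxyPort", "0")
    if red != "0" and red == cfg.get("SSHServerPort"):
        out.append(("SSHRedundantProxyPort", "must differ from SSHServerPort"))
    return out

if __name__ == "__main__":
    for name, problem in audit(parse(SAMPLE)):
        print(f"{name}: {problem}")
```

Note that the sample's key exchange and cipher strings are the defaults listed in the table, so a device left at its defaults produces the two legacy-algorithm findings.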