SSH Parameters

Secure Shell (SSH) parameters are described in the table below.

SSH Parameters

Parameter

Description

'Enable SSH Server'

configure system > cli-settings > ssh

[SSHServerEnable]

Enables the device's embedded SSH server.

[0] Disable
[1] Enable (default)

'Public Key'

configure system > cli-settings > ssh-require-public-key

[SSHRequirePublicKey]

Enables RSA or ECDSA public keys for SSH.

[0] Disable = (Default) RSA or ECDSA public keys are optional if a public key is configured.
[1] Enable = RSA or ECDSA public keys are mandatory.

Note:

Public keys are configured per management user in the Local Users table (see Configuring Management User Accounts).
To define the key size, use the [TLSPkeySize] parameter.

'Max Payload Size'

ssh-max-payload-size

[SSHMaxPayloadSize]

Defines the maximum uncompressed payload size (in bytes) for SSH packets.

The valid value is 550 to 32768. The default is 32768.

'Max Binary Packet Size'

configure system > cli-settings > ssh-max-binary-packet-size

[SSHMaxBinaryPacketSize]

Defines the maximum packet size (in bytes) for SSH packets.

The valid value is 582 to 35000. The default is 35000.

'Maximum SSH Sessions'

configure system > cli-settings > ssh-max-sessions

[SSHMaxSessions]

Defines the maximum number of simultaneous SSH sessions.

The valid range is 1 to 5. The default 5.

'Enable Last Login Message'

configure system > cli-settings > ssh-last-login-message

[SSHEnableLastLoginMessage]

Enables message display in SSH sessions of the time and date of the last SSH login. The message displays the number of unsuccessful login attempts since the last successful login.

[0] Disable
[1] Enable (default)

Note: The last SSH login information is cleared when the device restarts.

'Max Login Attempts

configure system > cli-settings > ssh-max-login-attempts

[SSHMaxLoginAttempts]

Defines the maximum SSH login attempts allowed for entering an incorrect password by an administrator before the SSH session is rejected.

The valid range is 1 to 5. The default is 3.

Note: The new setting takes effect only for new subsequent SSH connections.

'Kex Algorithms String'

configure system > cli-settings > ssh-kex-algorithms-string

[SSHKexAlgorithmsString]

Defines the SSH Key Exchange Algorithms.

The valid values include:

diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1

You can configure the parameter with multiple values, using the colon (:) as a separator. For example, diffie-hellman-group1-sha1:diffie-hellman-group-exchange-sha256.

The default is diffie-hellman-group1-sha1:diffie-hellman-group-exchange-sha256.

'Ciphers String'

configure system > cli-settings > ssh-ciphers-string

[SSHCiphersString]

Defines the SSH cipher string.

The valid values include:

aes128-ctr
aes128-cbc
aes256-ctr
aes256-cbc

You can configure the parameter with multiple values, using the colon (:) as a separator. For example, aes128-ctr:aes128-cbc.

The default is aes128-ctr:aes128-cbc.

'MACs String'

configure system > cli-settings > ssh-macs-string

[SSHMACsString]

Defines the SSH MAC algorithms.

The valid value is hmac-sha1 or hmac-sha2-256. You can configure the parameter with both values using the colon (:) as a separator, for example, hmac-sha1:hmac-sha2-256.

The default is hmac-sha1:hmac-sha2-256.