Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch

821

822

823

824

825

826

827

828

829

830

Configuring When to Re-generate an SSH Key

You can configure the time-based or volume-based rekey threshold for an SSH session. If both threshold types are configured, the session

rekeys when either one of the thresholds is reached.

To configure the time or volume rekey threshold at which to re-generate the SSH key during an SSH session, use the ip ssh rekey

[time rekey-interval] [volume rekey-limit] command. CONFIGURATION mode.

Configure the following parameters:

• rekey-interval: time-based rekey threshold for an SSH session. The range is from 10 to 1440 minutes. The default is 60 minutes.

• rekey-limit: volume-based rekey threshold for an SSH session. The range is from 1 to 4096 to megabytes. The default is 1024

megabytes.

Examples

The following example configures the time-based rekey threshold for an SSH session to 30 minutes.

Dell(conf)#ip ssh rekey time 30

The following example configures the volume-based rekey threshold for an SSH session to 4096 megabytes.

Dell(conf)#ip ssh rekey volume 4096

Configuring the SSH Server Cipher List

To configure the cipher list supported by the SSH server, use the ip ssh server cipher cipher-list command in CONFIGURATION

mode.

cipher-list-: Enter a space-delimited list of ciphers the SSH server will support.

The following ciphers are available.

• 3des-cbc

• aes128-cbc

• aes192-cbc

• aes256-cbc

• aes128-ctr

• aes192-ctr

• aes256-ctr

The default cipher list is aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, 3des-cbc.

Example of Configuring a Cipher List

The following example shows you how to configure a cipher list.

Dell(conf)#ip ssh server cipher 3des-cbc aes128-cbc aes128-ctr

Configuring DNS in the SSH Server

Dell EMC Networking provides support to enable the DNS in SSH server configuration for host-based authentication. You can specify

whether the SSH Server should look up the remote host name and check whether the resolved host name for the remote IP address

maps to the same IP address. By default, the DNS in the SSH server configuration is disabled.

To enable the DNS in the SSH server configuration, use the following command.

• Enable the DNS in the SSH server configuration.

CONFIGURATION mode

[no] ip ssh server dns enable

To disable the DNS in the SSH server configuration, use the no version of this command.

To view the status of DNS in the SSH server configuration, use the show running-config ip ssh command from EXEC mode.

DellEMC#show running-config ip ssh

Security

827