Reference Guide

SSH Server
The secure shell (SSH) server allows an SSH client to access an OS10 switch through a secure, encrypted connection.
Congure SSH server
The SSH server is enabled by default. You can disable the SSH server using no ip ssh server enable.
Challenge-response authentication is disabled by default. To enable it, use the ip ssh server challenge-response-authentication command.
Host-based authentication is disabled by default. To enable, use the ip ssh server hostbased-authentication command.
Password authentication is enabled by default. To disable, use the no ip ssh server password-authentication command.
Public key authentication is enabled by default. To disable, use the no ip ssh server pubkey-authentication command.
Congure the list of cipher algorithms using ip ssh server cipher cipher-list.
Congure Key Exchange algorithms using ip ssh server kex key-exchange-algorithm.
Congure hash message authentication code (HMAC) algorithms using ip ssh server mac hmac-algorithm.
Congure the SSH server listening port using ip ssh server port port-number.
Congure the SSH server to be reachable on the management VRF using ip ssh server vrf.
Congure the SSH login timeout using the ip ssh server login-grace-time seconds command (0 to 300; default 60). To
reset the default SSH prompt timer, enter
no ip ssh server login-grace-time.
Congure the maximum number of authentication attempts using the ip ssh server max-auth-tries number command (0
to 10; default 6). To reset the default, enter
no ip ssh server max-auth-tries.
The max-auth-tries value counts all authentication attempts, public-key and password alike. If both public-key authentication and password authentication are enabled, public-key authentication is the default and is tried first. If it fails, the remaining number of max-auth-tries is reduced by one. Consequently, if you configured ip ssh server max-auth-tries 1, the single attempt is consumed by the public-key try and the password prompt does not display.
Virtual terminal line
Virtual terminal line (VTY) is used to control Telnet or SSH connections to the switch.
You can enter the VTY mode by using the line vty command in the CONFIGURATION mode.
OS10(config)# line vty
OS10(config-line-vty)#
Control access to VTY
You can control the Telnet or SSH connections to the switch by applying access lists on VTY lines.
Create IP or IPv6 access lists with permit or deny filters.
Enter the VTY mode by using the line vty command in the CONFIGURATION mode.
Apply the access lists to the VTY line with the {ip | ipv6} access-class access-list-name command.
Example
OS10(config)# ip access-list permit10
OS10(config-ipv4-acl)# permit ip 172.16.0.0 255.255.0.0 any
OS10(config-ipv4-acl)# exit
OS10(config)# line vty
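The following script is an added example, not part of the OS10 guide, that replays the ip ssh server commands and the VTY access-class step described above over the documented defaults and reports the settings a reviewer would question (password authentication left on beside public keys, the max-auth-tries 1 case that hides the password prompt, a longer-than-default login grace time, no access list on line vty). The sample configuration is constructed and assumed to mirror the CLI syntax shown on this page; it is not real switch output.

```python
import re

# Defaults as stated on this page of the OS10 reference guide.
DEFAULTS = {
    "challenge-response-authentication": False,
    "hostbased-authentication": False,
    "password-authentication": True,
    "pubkey-authentication": True,
    "login-grace-time": 60,  # seconds, range 0-300
    "max-auth-tries": 6,     # range 0-10
}
# Constructed sample config; assumed to echo the CLI syntax shown on this page.
SAMPLE_CONFIG = """\
ip ssh server max-auth-tries 1
ip ssh server login-grace-time 120
line vty
exit
"""

def effective_ssh_settings(config_text):
    """Replay (no) ip ssh server lines over the defaults; note any VTY access-class."""
    settings = dict(DEFAULTS, vty_access_class=None)
    for line in (l.strip() for l in config_text.splitlines()):
        if re.match(r"(ip|ipv6) access-class \S+$", line):  # applied under 'line vty'
            settings["vty_access_class"] = line.split()[-1]
        m = re.match(r"(no )?ip ssh server (\S+)(?: (\S+))?$", line)
        if not m:
            continue
        negated, key, arg = m.group(1) is not None, m.group(2), m.group(3)
        if key in ("login-grace-time", "max-auth-tries"):  # 'no' form resets the default
            settings[key] = DEFAULTS[key] if negated else int(arg)
        elif key in DEFAULTS:  # authentication toggles; cipher/kex/mac/port/vrf are ignored
            settings[key] = not negated
    return settings

def audit_ssh(config_text):
    """Findings a reviewer would raise against the effective SSH and VTY settings."""
    s, findings = effective_ssh_settings(config_text), []
    if s["pubkey-authentication"] and s["password-authentication"]:
        findings.append("password authentication still enabled alongside public keys")
        if s["max-auth-tries"] == 1:
            findings.append("max-auth-tries 1: the public-key try uses the only attempt, so no password prompt")
    if s["login-grace-time"] > DEFAULTS["login-grace-time"]:
        findings.append(f"login-grace-time {s['login-grace-time']}s exceeds the 60s default")
    if s["vty_access_class"] is None:
        findings.append("no ip/ipv6 access-class applied to line vty")
    return findings
```

Running audit_ssh(SAMPLE_CONFIG) returns four findings for the constructed sample; a config that disables password authentication, keeps max-auth-tries at a small value above 1, and applies an access-class under line vty returns none.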
System management
461