Reference Guide

Congure Key Exchange algorithms using ip ssh server kex key-exchange-algorithm.
Congure hash message authentication code (HMAC) algorithms using ip ssh server mac hmac-algorithm.
Congure the SSH server listening port using ip ssh server port port-number.
Congure the SSH server to be reachable on the management VRF using ip ssh server vrf.
Congure the SSH login timeout using the ip ssh server login-grace-time seconds command (0 to 300; default 60). To
reset the default SSH prompt timer, enter no ip ssh server login-grace-time.
Congure the maximum number of authentication attempts using the ip ssh server max-auth-tries number command (0
to 10; default 6). To reset the default, enter no ip ssh server max-auth-tries.
The max-auth-tries value includes all authentication attempts, including public-key and password. If both public-key based
authentication and password authentication are enabled, the public-key authentication is the default and is tried rst. If it fails, the
number of max-auth-tries is reduced by one. In this case, if you congured ip ssh server max-auth-tries 1, the
password prompt does not display.
Regenerate public keys
When enabled, the SSH server generates public keys by default and uses them for client authentication:
A Rivest, Shamir, and Adelman (RSA) key using 2048 bits.
An Elliptic Curve Digital Signature Algorithm (ECDSA) key using 256 bits.
An Ed25519 key using 256 bits.
NOTE: RSA1 and DSA keys are not supported on the OS10 SSH server.
An SSH client must exchange the same public key to establish a secure SSH connection to the OS10 switch. If necessary, you can
regenerate the keys used by the SSH server with a customized bit size. You cannot change the default size of the Ed25519 key. The
crypto key generate command is available only to the sysadmin and secadmin roles.
1 Regenerate keys for the SSH server in EXEC mode.
crypto ssh-key generate {rsa {2048|3072|4096} | ecdsa {256|384|521} | ed25519}
2 Enter yes at the prompt to overwrite an existing key.
Host key already exists. Overwrite [confirm yes/no]:yes
Generated 2048-bit RSA key
3 Display the SSH public keys in EXEC mode.
show crypto ssh-key
After you regenerate SSH server keys, disable and re-enable the SSH server to use the new keys. Restarting the SSH server does not
impact current OS10 sessions.
Virtual terminal line
Virtual terminal line (VTY) is used to control Telnet or SSH connections to the switch.
You can enter the VTY mode by using the line vty command in the CONFIGURATION mode.
OS10(config)# line vty
OS10(config-line-vty)#
Control access to VTY
You can control the Telnet or SSH connections to the switch by applying access lists on VTY lines.
Create IP or IPv6 access lists with permit or deny filters.
Enter the VTY mode by using the line vty command in the CONFIGURATION mode.
Apply the access lists to the VTY line with the {ip | ipv6} access-class access-list-name command.
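The following added example (not part of the original guide and not Dell code) audits a saved configuration for the SSH limits described earlier and for the VTY access-class step above. It assumes the saved configuration shows commands as they are entered, with sub-mode lines indented under line vty; the sample text and the ACL name MGMT-V4 are constructed.

```python
import re

# Ranges and defaults as stated in the guide text: (low, high, default).
LIMITS = {"login-grace-time": (0, 300, 60), "max-auth-tries": (0, 10, 6)}

# Constructed sample; MGMT-V4 is a hypothetical access-list name.
SAMPLE = """\
ip ssh server login-grace-time 30
ip ssh server max-auth-tries 1
!
line vty
 ip access-class MGMT-V4
"""

def audit(config: str) -> dict:
    """Return effective SSH settings and findings for an OS10-style config."""
    values = {name: default for name, (_, _, default) in LIMITS.items()}
    findings, vty_acls, in_vty = [], set(), False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        # Assumption: sub-mode lines are indented under "line vty".
        in_vty = line == "line vty" or (in_vty and raw[0].isspace())
        m = re.fullmatch(r"ip ssh server (login-grace-time|max-auth-tries) (\d+)", line)
        if m:
            name, num = m.group(1), int(m.group(2))
            low, high, _ = LIMITS[name]
            if low <= num <= high:
                values[name] = num
            else:
                findings.append(f"{name} {num} is outside {low}-{high}")
        m = re.fullmatch(r"(ip|ipv6) access-class (\S+)", line)
        if m and in_vty:
            vty_acls.add(m.group(1))
    if values["max-auth-tries"] == 1:
        # Public-key authentication is tried first and consumes the only try.
        findings.append("max-auth-tries 1: a failed public-key attempt uses the "
                        "only try, so the password prompt does not display")
    for family in ("ip", "ipv6"):
        if family not in vty_acls:
            findings.append(f"no {family} access-class applied on line vty")
    return {"values": values, "findings": findings}

if __name__ == "__main__":
    for finding in audit(SAMPLE)["findings"]:
        print("FINDING:", finding)
```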