Users Guide
SSH Server
The secure shell (SSH) server allows an SSH client to access an OS10 switch through a secure, encrypted connection.
Configure SSH server
• The SSH server is enabled by default. You can disable the SSH server using no ip ssh server enable.
• Challenge response authentication is disabled by default. To enable, use the ip ssh server challenge-response-authentication command.
• Host-based authentication is disabled by default. To enable, use the ip ssh server hostbased-authentication command.
• Password authentication is enabled by default. To disable, use the no ip ssh server password-authentication command.
• Public key authentication is enabled by default. To disable, use the no ip ssh server pubkey-authentication command.
• Configure the list of cipher algorithms using ip ssh server cipher cipher-list.
• Configure Key Exchange algorithms using ip ssh server kex key-exchange-algorithm.
• Configure hash message authentication code (HMAC) algorithms using ip ssh server mac hmac-algorithm.
• Configure the SSH server listening port using ip ssh server port port-number.
• Configure the SSH server to be reachable on the management VRF using ip ssh server vrf.
• Configure the SSH login timeout using the ip ssh server login-grace-time seconds command (0 to 300; default 60). To reset the default SSH prompt timer, enter no ip ssh server login-grace-time.
• Configure the maximum number of authentication attempts using the ip ssh server max-auth-tries number command (0 to 10; default 6). To reset the default, enter no ip ssh server max-auth-tries.
The max-auth-tries value includes all authentication attempts, including public-key and password. If both public-key based authentication and password authentication are enabled, the public-key authentication is the default and is tried first. If it fails, the number of max-auth-tries is reduced by one. In this case, if you configured ip ssh server max-auth-tries 1, the password prompt does not display.
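The following audit helper is an added example, not part of the OS10 documentation. It overlays ip ssh server lines on the defaults listed above and reports deviations, out-of-range timers, and the max-auth-tries 1 case in which the password prompt never appears. The sample configuration is constructed, and the assumption that the saved configuration lists these commands exactly as typed is mine.

```python
import re

# Defaults and ranges as documented in the section above.
DEFAULTS = {
    "enable": True,
    "challenge-response-authentication": False,
    "hostbased-authentication": False,
    "password-authentication": True,
    "pubkey-authentication": True,
    "login-grace-time": 60,
    "max-auth-tries": 6,
}
RANGES = {"login-grace-time": (0, 300), "max-auth-tries": (0, 10)}
LINE = re.compile(r"^(no\s+)?ip ssh server (\S+)(?:\s+(\S+))?$")

# Constructed sample; assumes the configuration lists commands as typed.
SAMPLE = """\
ip ssh server hostbased-authentication
ip ssh server login-grace-time 30
ip ssh server max-auth-tries 1
ip ssh server port 2222
"""

def effective_settings(config_text):
    """Overlay 'ip ssh server' lines on the documented defaults."""
    state = dict(DEFAULTS)
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) not in DEFAULTS:
            continue  # cipher, kex, mac, port and vrf lines are not audited
        negated, key, value = m.groups()
        if key not in RANGES:
            state[key] = not negated
        elif negated:
            state[key] = DEFAULTS[key]  # the 'no' form resets the default
        elif value is not None and value.isdigit():
            state[key] = int(value)
    return state

def audit(config_text):
    """Return findings: default deviations, range errors, lost password prompt."""
    s = effective_settings(config_text)
    out = [f"{k}: default {DEFAULTS[k]}, configured {v}"
           for k, v in s.items() if v != DEFAULTS[k]]
    out += [f"{k} {s[k]} is outside {lo}-{hi}"
            for k, (lo, hi) in RANGES.items() if not lo <= s[k] <= hi]
    if (s["enable"] and s["pubkey-authentication"]
            and s["password-authentication"] and s["max-auth-tries"] == 1):
        out.append("max-auth-tries 1: public key is tried first, no password prompt")
    return out
```
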
Security commands
aaa authentication
Configures the AAA authentication method for user access.
Syntax
aaa authentication {local | radius | tacacs}
Parameters
• local — Use local (RBAC) access control.
• radius — Use the RADIUS servers configured with the radius-server host command.
• tacacs — Use the TACACS+ servers configured with the tacacs-server host command.
Default Local authentication
Command Mode CONFIGURATION
Usage Information There is no no version of this command. To reset the authentication method to local, enter the aaa authentication local command.
Example
OS10(config)# aaa authentication radius
Supported Releases 10.2.0E or later