ip ssh
Syntax
ip ssh
no ip ssh
Description
Enables SSH on the switch for both IPv4 and IPv6, and activates the connection with a configured SSH server (RADIUS or TACACS+). The no form of the command disables SSH on the switch.
Options
cipher cipher-type
  Specify a cipher type to use for connection. Valid types are:
  - aes128-cbc
  - 3des-cbc
  - aes192-cbc
  - aes256-cbc
  - rijndael-cbc@lysator.liu.se
  - aes128-ctr
  - aes192-ctr
  - aes256-ctr
  Default: All cipher types are available.
  Use the no form of the command to disable a cipher type.
filetransfer
  Enables SSH on the switch to connect to an SCP or SFTP client application to transfer files to and from the switch over IPv4 or IPv6.
  Default: Disabled
  NOTE: Enabling filetransfer automatically disables TFTP client and TFTP server functionality.
mac MAC-type
  Allows configuration of the set of MACs that can be selected. Valid types are:
  - hmac-md5
  - hmac-sha1
  - hmac-sha1-96
  - hmac-md5-96
  Default: All MAC types are available.
  Use the no form of the command to disable a MAC type.
port [1 - 65535|default]
  TCP port number used for SSH sessions in IPv4 and IPv6 connections.
  Default: 22.
  Valid port numbers are from 1 to 65535, except for port numbers 23, 49, 80, 280, 443, 1506, 1513, and 9999, which are reserved for other subsystems.
public-key [manager|operator] keystring
  Store a client-generated key for public-key authentication.
  - manager
    Allows manager-level access using SSH public-key authentication.
  - operator
    Allows operator-level access using SSH public-key authentication.
  - keystring
    A legal SSHv2 (RSA or DSA) public key. The text string for the public key must be a single-quoted token. If the keystring contains double quotes, it can be quoted with single quotes ('key-string'). The following restrictions for a keystring apply:
    - A keystring cannot contain both single and double quotes.
    - A keystring cannot have extra characters, such as a blank space or a new line. (To improve readability, you can add a backslash at the end of each line.)
  For more information on configuring and using SSH public keys to authenticate SSH clients connecting to the switch, see chapter "Configuring Secure Shell" in the latest Access Security Guide for your switch.
timeout 5 - 120
  Timeout value allowed to complete an SSH authentication and login on the switch.
  Default: 120 seconds.
listen [oobm|data|both]
  The listen parameter is available only on switches that have a separate OOBM port. Values for this parameter are:
Restrictions
For both IPv4 and IPv6, the switch supports only SSH version 2. You cannot set up an SSH session with a client device running SSH version 1.
The listen parameter is not available on switches that do not have a separate OOBM port.
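
Example (added here, not part of the original command reference): because every cipher and MAC type is available by default, an audit has to start from the full lists and subtract what the no form has disabled. The Python sketch below does that for a saved configuration and also checks the port against the reserved list. It assumes disabled algorithms appear as "no ip ssh cipher <type>" and "no ip ssh mac <type>" lines, and its policy (keep only CTR ciphers and hmac-sha1) is this example's own choice.

```python
import re

# Option values copied from the cipher, mac and port descriptions above.
ALL_CIPHERS = {"aes128-cbc", "3des-cbc", "aes192-cbc", "aes256-cbc",
               "rijndael-cbc@lysator.liu.se",
               "aes128-ctr", "aes192-ctr", "aes256-ctr"}
ALL_MACS = {"hmac-md5", "hmac-sha1", "hmac-sha1-96", "hmac-md5-96"}
RESERVED_PORTS = {23, 49, 80, 280, 443, 1506, 1513, 9999}

# Assumption (this example's policy, not the reference's): keep only
# CTR-mode ciphers and the untruncated SHA-1 MAC.
def is_weak(kind, name):
    return not name.endswith("-ctr") if kind == "cipher" else name != "hmac-sha1"

def audit(config_text):
    """Return (enabled ciphers, enabled MACs, port, findings) for a config."""
    enabled = {"cipher": set(ALL_CIPHERS), "mac": set(ALL_MACS)}  # default: all
    known = {"cipher": ALL_CIPHERS, "mac": ALL_MACS}
    port, findings = 22, []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"(no )?ip ssh (cipher|mac) (\S+)", line)
        if m:
            negated, kind, name = m.groups()
            if name not in known[kind]:
                findings.append(f"unknown {kind}: {name}")
            elif negated:
                enabled[kind].discard(name)   # "no" form disables one type
            else:
                enabled[kind].add(name)       # positive form re-enables it
            continue
        m = re.fullmatch(r"ip ssh port (\d+|default)", line)
        if m:
            port = 22 if m.group(1) == "default" else int(m.group(1))
    for kind in ("cipher", "mac"):
        findings += [f"weak {kind} enabled: {n}"
                     for n in sorted(enabled[kind]) if is_weak(kind, n)]
    if port in RESERVED_PORTS or not 1 <= port <= 65535:
        findings.append(f"invalid port: {port}")
    return enabled["cipher"], enabled["mac"], port, findings

# Constructed sample configuration (not taken from a real switch).
SAMPLE = """ip ssh
no ip ssh cipher 3des-cbc
no ip ssh cipher aes128-cbc
no ip ssh mac hmac-md5
no ip ssh mac hmac-md5-96
ip ssh port 443
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)[3]))
```

The sample disables only some of the CBC ciphers and MD5 MACs, so the audit still reports the ones left enabled by default, plus the reserved port.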