Setting the SSH management parameters

Setting these parameters helps secure your SSH connections against malicious guessing and cracking of keys and usernames.


IMPORTANT:

Authentication fails if the number of authentication attempts (including both publickey and password authentication) exceeds that specified in the ssh server authentication-retries command.


To set the SSH management parameters:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable the SSH server to support SSH1 clients. | ssh server compatible-ssh1x [ enable ] | Optional. By default, the SSH server supports SSH1 clients. This command is not available in FIPS mode. |
| 3. Set the RSA server key pair update interval. | ssh server rekey-interval hours | Optional. By default, the interval is 0, and the RSA server key pair is not updated. This command is not available in FIPS mode. This command is applicable to SSH1 clients. |
| 4. Set the SSH user authentication timeout period. | ssh server authentication-timeout time-out-value | Optional. 60 seconds by default. |
| 5. Set the maximum number of SSH authentication attempts. | ssh server authentication-retries times | Optional. 3 by default. |
| 6. Specify an ACL to control SSH user connections. | Control IPv4 SSH user connections: ssh server acl acl-number; Control IPv6 SSH user connections: ssh server ipv6 acl ipv6 acl-number | Optional. By default, all SSH users are allowed to initiate connections with the SSH server. |
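The following audit script is an added example, not part of the original documentation: it reads a saved configuration, applies the defaults listed in the table when a command is absent, and reports which SSH management parameters are still at a weak setting. The function names, the policy limits, the sample configuration, and the assumption that disabled SSH1 support is stored as `undo ssh server compatible-ssh1x` are illustrative.

```python
import re

# Defaults from the Remarks column above; used when a command is absent.
DEFAULTS = {"ssh1": True, "rekey-interval": 0, "authentication-timeout": 60,
            "authentication-retries": 3, "acl": None, "ipv6 acl": None}
NUMERIC = {
    "rekey-interval": r"ssh server rekey-interval (\d+)",
    "authentication-timeout": r"ssh server authentication-timeout (\d+)",
    "authentication-retries": r"ssh server authentication-retries (\d+)",
    "acl": r"ssh server acl (\d+)",
    "ipv6 acl": r"ssh server ipv6 acl ipv6 (\d+)",
}

def parse_ssh_settings(config_text):
    """Return the effective SSH management parameters for a configuration."""
    settings = dict(DEFAULTS)
    for line in map(str.strip, config_text.splitlines()):
        # Assumption: disabled SSH1 support is stored as the 'undo' form.
        if re.fullmatch(r"undo ssh server compatible-ssh1x( enable)?", line):
            settings["ssh1"] = False
        for key, pattern in NUMERIC.items():
            match = re.fullmatch(pattern, line)
            if match:
                settings[key] = int(match.group(1))
    return settings

def audit(settings, max_retries=3, max_timeout=60):
    """List findings; the two limits are local policy values (assumed)."""
    findings = []
    if settings["ssh1"]:
        findings.append("SSH1 clients are accepted")
        if settings["rekey-interval"] == 0:
            findings.append("RSA server key pair is never updated")
    for key, limit in (("authentication-retries", max_retries),
                       ("authentication-timeout", max_timeout)):
        if settings[key] > limit:
            findings.append(f"{key} {settings[key]} exceeds {limit}")
    for key, family in (("acl", "IPv4"), ("ipv6 acl", "IPv6")):
        if settings[key] is None:
            findings.append(f"no {family} ACL restricts SSH connections")
    return findings

# Constructed sample configuration excerpt, not taken from a real device.
SAMPLE_CONFIG = """\
 undo ssh server compatible-ssh1x
 ssh server authentication-retries 5
 ssh server authentication-timeout 30
 ssh server acl 2001
"""
```

Calling `audit(parse_ssh_settings(SAMPLE_CONFIG))` returns the list of findings for the sample; an empty configuration is evaluated entirely against the defaults in the table.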