Configuring the SSH management parameters
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable the SSH server to support SSH1 clients. | ssh server compatible-ssh1x enable | By default, the SSH server supports SSH1 clients. This command is not available in FIPS mode. |
3. Set the RSA server key pair update interval. | ssh server rekey-interval hours | By default, the device does not update the RSA server key pair. This command takes effect only on SSH1 users. This command is not available in FIPS mode. |
4. Set the SSH user authentication timeout timer. | ssh server authentication-timeout time-out-value | The default setting is 60 seconds. If a user does not finish the authentication when the timeout timer expires, the connection cannot be established. |
5. Set the maximum number of SSH authentication attempts. | ssh server authentication-retries times | The default setting is 3. If a user does not finish the authentication when the timeout timer expires, the connection cannot be established. |
6. Specify an ACL to control SSH user connections. | | By default, no ACLs are specified and all SSH users can initiate connections to the server. |
7. Set the DSCP value in the packets that the SSH server sends to the SSH clients. | | The default setting is 48. The DSCP value of a packet defines the priority of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority. |
8. Configure the SFTP connection idle timeout timer. | sftp server idle-timeout time-out-value | The default setting is 10 minutes. When the idle timeout timer expires, the system automatically terminates the connection. |
9. Specify the maximum number of concurrent online SSH users. | aaa session-limit ssh max-sessions | The default setting is 32. When the number of online SSH users reaches the upper limit, the system denies new SSH connection requests. Changing the upper limit does not affect online SSH users. |
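
The following audit sketch is an added example, not part of the original documentation: it reads a saved configuration, fills in the defaults from the Remarks column, and reports settings that are weaker than a site policy. The setting names, the sample configuration and the policy limits are constructed for illustration, and the `undo` negated form and the assumption that commands appear in the saved configuration as typed are not stated on this page. The ACL and DSCP rows are not checked because their commands are not shown in the table.

```python
import re

# Defaults taken from the Remarks column of the table above.
DEFAULTS = {"ssh1_compat": True, "rekey_interval_h": None, "auth_timeout_s": 60,
            "auth_retries": 3, "sftp_idle_min": 10, "max_sessions": 32}

# Command prefix -> setting name, for the numeric commands in the table.
NUMERIC = {
    "ssh server rekey-interval": "rekey_interval_h",
    "ssh server authentication-timeout": "auth_timeout_s",
    "ssh server authentication-retries": "auth_retries",
    "sftp server idle-timeout": "sftp_idle_min",
    "aaa session-limit ssh": "max_sessions",
}

def effective_settings(config_text):
    """Return the settings in force: table defaults overridden by config lines."""
    s = dict(DEFAULTS)
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        # Assumption: the negated form uses the usual "undo" prefix.
        if line.startswith("undo ssh server compatible-ssh1x"):
            s["ssh1_compat"] = False
        elif line.startswith("ssh server compatible-ssh1x"):
            s["ssh1_compat"] = True
        for prefix, key in NUMERIC.items():
            m = re.fullmatch(re.escape(prefix) + r" (\d+)", line)
            if m:
                s[key] = int(m.group(1))
    return s

def findings(s, policy):
    """List settings that are weaker than the given policy limits."""
    out = []
    if s["ssh1_compat"]:
        out.append("SSH1 clients accepted")
        if s["rekey_interval_h"] is None:
            out.append("SSH1 server key never updated")
    for key in ("auth_timeout_s", "auth_retries", "sftp_idle_min", "max_sessions"):
        if s[key] > policy[key]:
            out.append(f"{key}={s[key]} exceeds policy {policy[key]}")
    return out

# Constructed sample configuration and hypothetical site policy limits.
SAMPLE = " ssh server authentication-retries 5\n sftp server idle-timeout 5\n aaa session-limit ssh 8\n"
POLICY = {"auth_timeout_s": 60, "auth_retries": 3, "sftp_idle_min": 10, "max_sessions": 16}
```

Because SSH1 support is on by default, a configuration that never mentions it is still reported as accepting SSH1 clients.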