Setting the SSH management parameters
Configure SSH management parameters to improve the security of SSH connections.
To set the SSH management parameters:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable the SSH server to support SSH1 clients. | ssh server compatible-ssh1x [ enable ] | Optional. By default, the SSH server supports SSH1 clients. This command is not available in FIPS mode. |
3. Set the RSA server key pair update interval. | ssh server rekey-interval hours | Optional. By default, the RSA server key pair is not updated. This command takes effect only on SSH1 users. This command is not available in FIPS mode. |
4. Set the SSH user authentication timeout period. | ssh server authentication-timeout time-out-value | Optional. 60 seconds by default. If a user does not finish authentication before the timeout timer expires, the connection cannot be established. |
5. Set the maximum number of SSH authentication attempts. | ssh server authentication-retries times | Optional. 3 by default. Limiting the number of authentication attempts helps prevent malicious guessing of usernames and passwords. |
6. Configure the SFTP connection idle timeout period. | sftp server idle-timeout time-out-value | Optional. 10 minutes by default. When the idle timeout timer expires, the system automatically terminates the connection. |
7. Specify an ACL to control SSH user connections. | | Optional. By default, no ACLs are specified and all SSH users can initiate connections to the server. |

NOTE: Authentication fails if the number of authentication attempts (including both publickey and password authentication) exceeds that specified by the ssh server authentication-retries command.
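
A defaults-aware audit of these parameters, as an added example that is not part of the original documentation. It assumes that non-default settings appear in an exported configuration as the command lines from the table and that SSH1 support shows as disabled through an `undo ssh server compatible-ssh1x` line; the policy limits and sample configurations are constructed for illustration.

```python
import re

SSH1 = "ssh server compatible-ssh1x"
NUMERIC = re.compile(r"(ssh server (?:rekey-interval|authentication-timeout|"
                     r"authentication-retries)|sftp server idle-timeout) (\d+)")
# Defaults from the table above; a command absent from the config means its default.
DEFAULTS = {
    SSH1: True,                               # SSH1 clients supported
    "ssh server rekey-interval": None,        # hours; key pair not updated
    "ssh server authentication-timeout": 60,  # seconds
    "ssh server authentication-retries": 3,
    "sftp server idle-timeout": 10,           # minutes
}
# Assumed site policy (constructed): SSH1 off, nothing looser than the defaults.
POLICY_MAX = {k: v for k, v in DEFAULTS.items() if isinstance(v, int) and k != SSH1}

# Constructed sample configurations, not taken from a real device.
SAMPLE_WEAK = "ssh server authentication-retries 5\nsftp server idle-timeout 60\n"
SAMPLE_HARDENED = ("undo ssh server compatible-ssh1x\n"
                   "ssh server authentication-timeout 30\n"
                   "ssh server authentication-retries 2\nsftp server idle-timeout 5\n")

def effective_settings(config_text):
    """Overlay the commands found in config_text on the documented defaults."""
    settings = dict(DEFAULTS)
    for line in map(str.strip, config_text.splitlines()):
        if line.startswith("undo " + SSH1):
            settings[SSH1] = False
        elif line.startswith(SSH1):
            settings[SSH1] = True
        elif (m := NUMERIC.fullmatch(line)):
            settings[m.group(1)] = int(m.group(2))
    return settings

def audit(config_text):
    """Return findings where the effective setting is weaker than the policy."""
    s = effective_settings(config_text)
    findings = []
    if s[SSH1]:
        findings.append("SSH1 clients are accepted")
        if s["ssh server rekey-interval"] is None:
            findings.append("SSH1 RSA server key pair is never updated")
    for key, limit in POLICY_MAX.items():
        if s[key] > limit:
            findings.append(f"{key} is {s[key]}, policy maximum is {limit}")
    return findings

if __name__ == "__main__":
    for name in ("SAMPLE_WEAK", "SAMPLE_HARDENED"):
        print(name, audit(globals()[name]))
```

Because the defaults leave SSH1 compatibility on, a configuration that contains none of these commands still produces findings; absence of a line is not evidence of a safe setting.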