337
2.
support SSH1 clients.
ssh server compatible-ssh1x
enable
By default, the SSH server
supports SSH1 clients.
This command is not available in
FIPS mode.
3. Set the RSA server key pair
update interval.
ssh server rekey-interval
hours
By default, the
update the RSA server key pair.
This command takes effect only
on SSH1 users.
This command is not available in
FIPS mode.
4.
authentication timeout timer.
authentication-timeout
time-out-value
The default setting is 60 seconds.
If a user does not finish the
authentication when the timeout
timer
cannot be established.
5. Set the maximum number of
attempts.
authentication-retries
times
The default setting is 3.
If a user does not finish the
authentication when the timeout
timer
cannot be established.
6.
Specify an ACL to control
SSH user connections.
•
connections:
ssh server acl acl-number
• Control IPv6
connections:
ssh server ipv6 acl [ ipv6 ]
acl-number
By default, no ACLs are specified
and all
connections to the server.
7. Set the DSCP value in the
packets that the SSH server
sends to the SSH clients.
• Set the DSCP value in IPv4
packets:
ssh server dscp dscp-value
• Set the DSCP value in IPv6
packets:
ssh server ipv6 dscp
dscp-value
The default setting is 48.
The DSCP value of a packet
defines the priority of the packet
and affects the transmission
priority of the packet. A bigger
DSCP value represents a higher
priority.
8.
Configure the SFTP
connection idle timeout
timer.
sftp server idle-timeout
time-out-value
The default setting is 10 minutes.
When the idle timeout timer
expires, the system automatically
terminates the connection.
9.
number of concurrent online
SSH users.
aaa session-limit ssh
max-sessions
The default setting is 32.
When the number of online SSH
users reaches the upper limit, the
system denies
connection requests.
Changing the upper limit does not
affect online SSH users.
Specifying a PKI domain for the SSH server
This feature is available in Release 1121 and later.
To Next Page
Loading...
Need help?
General