ip ssh sleep
■ Use to set a sleep period in seconds for users that have exceeded the
authentication retry limit. Connection attempts from the user at the same host
are denied until this period expires.
■ Specify any nonnegative integer.
■ Example
host1(config)#ip ssh sleep 300
■ Use the no version to restore the default value, 600 seconds.
■ See ip ssh sleep.
ip ssh timeout
■ Use to set a timeout period in seconds. The SSH server terminates the connection
if protocol negotiation—including user authentication—is not completed within
this timeout.
■ Specify an integer in the range 10–600.
■ Example
host1(config)#ip ssh timeout 480
■ Use the no version to restore the default value, 600 seconds.
■ See ip ssh timeout.
Configuring Message Authentication
The SSH server and SSH client maintain separate lists of the message authentication
algorithms that each supports. Lists are kept for inbound and outbound algorithms.
For the server, inbound means the algorithms that the server supports for information
coming in from a client. For the server, outbound means the algorithms that the
server supports for information it sends out to a client. You must configure each list
separately. By default, all of the supported encryption algorithms are available. You
need to configure encryption only if you need to specifically remove or add any
supported algorithm from the list. The system supports the following SSH algorithms
for hash function-based message authentication:
■ hmac-sha1—Uses Secure Hash Algorithm 1 (SHA-1) to create a 160-bit message
digest from which it generates the MAC.
■ hmac-sha1-96—Uses the first 96 bits of the SHA-1 message digest to generate
the MAC.
■ hmac-md5—Uses MD5 hashing to create a 128-bit message digest from which
it generates the MAC.
Although it is not recommended, you can also specify none. In this case, the system
does not verify the integrity of the data.
ip ssh mac
442 ■ Secure System Administration with SSH
JUNOSe 11.1.x System Basics Configuration Guide
To Next Page
Loading...