Use to add a message authentication algorithm to the specified support list for
the SSH server.
■ Example 1—This example adds the hmac-md5 algorithm to the list of supported
outbound algorithms.
host1(config)#ip ssh mac server-to-client hmac-md5
■ If you do not specify a direction (client-to-server or server-to-client), the command
applies the algorithm to both inbound and outbound lists.
■ The default version restores the specified list to the factory default, which includes
all supported algorithms (hmac-md5, hmac-sha1, and hmac-sha1-96). The default
list does not include the none option.
■ Example 2—This example restores the hmac-sha1 algorithm to the list of
supported inbound algorithms.
host1(config)#ip ssh mac client-to-server default hmac-sha1
■ Use the no version to remove or exclude an algorithm from the specified list.
■ Example 3—This example removes the hmac-sha1 algorithm from the list of
supported inbound algorithms.
host1(config)#ip ssh mac client-to-server no hmac-sha1
■ See ip ssh mac.
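
The following audit script is an added example, not part of the original manual or the router software. It replays the three ip ssh mac command forms shown above to compute the effective inbound and outbound MAC lists, then reports algorithms that a local policy disallows. The SAMPLE lines, the function names, the disallowed set, and the reading of the default form as restoring one algorithm to its factory state are assumptions.

```python
import re

# Per the page: the factory default list holds these three; "none" is supported
# but must be added explicitly.
FACTORY_DEFAULT = ("hmac-md5", "hmac-sha1", "hmac-sha1-96")
SUPPORTED = FACTORY_DEFAULT + ("none",)
DIRECTIONS = ("client-to-server", "server-to-client")  # inbound, outbound

# Matches the command forms shown on the page, with or without the CLI prompt.
CMD = re.compile(
    r"^(?:\S+\(config\)#)?\s*ip ssh mac"
    r"(?:\s+(client-to-server|server-to-client))?"
    r"(?:\s+(default|no))?"
    r"\s+(" + "|".join(sorted(SUPPORTED, key=len, reverse=True)) + r")\s*$"
)

def effective_mac_lists(lines):
    """Replay 'ip ssh mac' commands in order; return {direction: sorted list}."""
    lists = {d: set(FACTORY_DEFAULT) for d in DIRECTIONS}
    for line in lines:
        m = CMD.match(line.strip())
        if not m:
            continue  # not one of the recognised 'ip ssh mac' forms
        direction, version, alg = m.groups()
        # No direction given: the command applies to both lists.
        for d in ([direction] if direction else DIRECTIONS):
            if version == "default":
                # Assumption: 'default <alg>' restores that algorithm's factory state.
                wanted = alg in FACTORY_DEFAULT
            else:
                wanted = version is None  # plain form adds, 'no' form removes
            (lists[d].add if wanted else lists[d].discard)(alg)
    return {d: sorted(s) for d, s in lists.items()}

def audit(lines, disallowed=("none", "hmac-md5")):
    """Return, per direction, the enabled algorithms the (assumed) policy forbids."""
    return {d: [a for a in algs if a in disallowed]
            for d, algs in effective_mac_lists(lines).items()}

# Constructed sample configuration, not taken from a real router.
SAMPLE = [
    "host1(config)#ip ssh mac server-to-client hmac-md5",
    "host1(config)#ip ssh mac client-to-server no hmac-sha1",
    "host1(config)#ip ssh mac client-to-server default hmac-sha1",
    "host1(config)#ip ssh mac none",
    "host1(config)#ip ssh mac client-to-server no hmac-md5",
]

if __name__ == "__main__":
    print(effective_mac_lists(SAMPLE))
    print(audit(SAMPLE))
```
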
Enabling and Disabling SSH
The SSH server daemon starts only if the server host key exists when the router
boots. The host key resides in NVS and is persistent across system reboots. After it
has started, the daemon listens for traffic on TCP port 22. The server daemon is
disabled by default.
crypto key dss
■ Use the generate keyword to create the SSH server host key and enable the
daemon.
■ Example
host1(config)#crypto key generate dss
■ Use the zeroize keyword to remove the SSH server host key and stop the SSH
daemon if it is running. Issuing this command terminates any active client
sessions. The next time the router boots after this command is issued, the SSH
server daemon is not started.
■ The command is not displayed by the show configuration command.
NOTE: SSH can be enabled or disabled regardless of the state of the Telnet daemon.
If SSH is enabled, use access control lists to limit access through Telnet. See “Virtual
Terminal Access Lists” on page 434 for information about using access control lists.
Secure System Administration with SSH ■ 443
Chapter 7: Passwords and Security