ip ssh

Syntax

ip ssh [cipher <cipher-type>] [mac <mac-type>] [port <1-65535|default>] [timeout <5-120>]
ip ssh [cipher <cipher-type>] [mac <mac-type>]
no ip ssh [cipher <cipher-type>] [mac <mac-type>]

Description

Enables SSH on the switch.

The no form of the command disables SSH on the switch.

Parameter


[cipher <cipher-type>]

Specify a cipher type to use for connection.

Valid types are:

  • aes128-cbc

  • 3des-cbc

  • aes192-cbc

  • aes256-cbc

  • aes128-ctr

  • aes192-ctr

  • aes256-ctr

Default: All cipher types are available.

Use the no form of the command to disable a cipher type.


[filetransfer]

Enable/disable secure file transfer capability.

SCP and SFTP secure file transfer will not function unless SSH is also enabled.


[mac <mac-type>]

Allows configuration of the set of MACs that can be selected.

Valid types are:

  • hmac-md5

  • hmac-sha1

  • hmac-sha1-96

  • hmac-md5-96

Default: All MAC types are available.

Use the no form of the command to disable a MAC type.


[port <1-65535|default>]

The TCP port number for SSH connections.

Default: 22.


[timeout <5-120>]

Sets the maximum length of time (in seconds) allowed for initial protocol negotiation and authentication.

Default: 120 seconds

NOTE:

Hewlett Packard Enterprise recommends using the default TCP port number (22). However, you can use the ip ssh port command to specify any TCP port for SSH connections except those reserved for other purposes. Examples of reserved IP ports are 23 (Telnet) and 80 (HTTP). Some other reserved TCP ports on the switch are 49, 80, 1506, and 1513.
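
The cipher and MAC lists above, turned into a small audit (an added example, not HPE code): it replays ip ssh / no ip ssh lines from a configuration on top of the all-enabled default and returns the no ip ssh commands still needed. The weak-type policy (CBC ciphers and MD5 MACs), the rule that a later positive form re-enables a type, and the sample configuration are assumptions made for this example.

```python
import re

# Valid types exactly as listed on this page; by default all are available.
CIPHERS = ["aes128-cbc", "3des-cbc", "aes192-cbc", "aes256-cbc",
           "aes128-ctr", "aes192-ctr", "aes256-ctr"]
MACS = ["hmac-md5", "hmac-sha1", "hmac-sha1-96", "hmac-md5-96"]
VALID = {"cipher": CIPHERS, "mac": MACS}

PREFIX = re.compile(r"^\s*(no\s+)?ip\s+ssh\b(.*)$")
PAIR = re.compile(r"\b(cipher|mac)\s+(\S+)")

def is_weak(kind, name):
    # Assumed policy (not from the page): CBC-mode ciphers, which covers
    # 3des-cbc, and MD5-based MACs are to be disabled.
    return name.endswith("-cbc") if kind == "cipher" else "md5" in name

def enabled_types(config_text):
    """Replay 'ip ssh' / 'no ip ssh' lines on top of the all-enabled default."""
    state = {kind: set(names) for kind, names in VALID.items()}
    for line in config_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        for kind, name in PAIR.findall(m.group(2)):
            if name not in VALID[kind]:
                raise ValueError(f"unknown {kind} type: {name}")
            if m.group(1):
                state[kind].discard(name)   # no form disables the type
            else:
                state[kind].add(name)       # assumed: positive form re-enables
    return state

def remediation(config_text):
    """Return the 'no ip ssh ...' commands still needed to meet the policy."""
    state = enabled_types(config_text)
    cmds = []
    for kind, names in VALID.items():
        weak = [n for n in names if n in state[kind] and is_weak(kind, n)]
        if weak and len(weak) == len(state[kind]):
            # Disabling these would leave no cipher or MAC for SSH to negotiate.
            raise ValueError(f"policy would disable every enabled {kind}")
        cmds += [f"no ip ssh {kind} {n}" for n in weak]
    return cmds

# Constructed sample: only 3des-cbc and hmac-md5 have been disabled so far.
SAMPLE = "ip ssh\nno ip ssh cipher 3des-cbc\nno ip ssh mac hmac-md5\nip ssh timeout 60\n"

if __name__ == "__main__":
    print("\n".join(remediation(SAMPLE)))
```

The guard in remediation() refuses to emit commands that would disable every remaining cipher or MAC, since that would leave SSH with nothing to negotiate.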