Configuring the SSH management parameters

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enable the SSH server to support SSH1 clients.
   Command: ssh server compatible-ssh1x enable
   Remarks: By default, the SSH server does not support SSH1 clients. This command is not available in FIPS mode.

3. Set the minimum interval for updating the RSA server key pair.
   Command: ssh server rekey-interval interval
   Remarks: By default, the RSA server key pair is not updated. This command takes effect only on SSH1 users. This command is not available in FIPS mode.

4. Set the SSH user authentication timeout timer.
   Command: ssh server authentication-timeout time-out-value
   Remarks: The default setting is 60 seconds. If a user does not finish the authentication when the timeout timer expires, the connection cannot be established.

5. Set the maximum number of SSH authentication attempts.
   Command: ssh server authentication-retries retries
   Remarks: The default setting is 3. If the authentication method is any, the total number of publickey authentication attempts and password authentication attempts cannot exceed the upper limit.

6. Specify an ACL to control SSH user connections.
   Commands:
     • Control IPv4 SSH user connections: ssh server acl { basic-acl-number | advanced-acl-number | mac mac-acl-number }
     • Control IPv6 SSH user connections: ssh server ipv6 acl { ipv6 basic-acl-number | ipv6 advanced-acl-number | mac mac-acl-number }
   Remarks: By default, no ACLs are specified and all SSH users can initiate SSH connections to the server.

7. Set the DSCP value in the packets that the SSH server sends to the SSH clients.
   Commands:
     • Set the DSCP value in IPv4 packets: ssh server dscp dscp-value
     • Set the DSCP value in IPv6 packets: ssh server ipv6 dscp dscp-value
   Remarks: The default setting is 48. The DSCP value of a packet defines the priority of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority.

8. Set the SFTP connection idle timeout timer.
   Command: sftp server idle-timeout time-out-value
   Remarks: The default setting is 10 minutes. When the idle timeout timer expires, the system automatically tears the connection down.

9. Set the maximum number of concurrent online SSH users.
   Command: aaa session-limit ssh max-sessions
   Remarks: The default setting is 32. When the number of online SSH users reaches the upper limit, the system denies new SSH connection requests. Changing the upper limit does not affect online SSH users.
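
The following Python check is an added example, not part of the original document or the vendor's tooling: it reads saved configuration text and flags SSH management settings that are looser than the defaults listed above. The sample configuration is constructed, and two things are assumptions of this example: that the saved configuration stores these commands as typed, and the policy of flagging any value above the default.

```python
import re

# Defaults as stated in the steps above. Flagging anything above the default
# is this example's own policy (an assumption), not vendor guidance.
DEFAULTS = {
    "ssh server authentication-timeout": 60,  # seconds
    "ssh server authentication-retries": 3,   # attempts
    "sftp server idle-timeout": 10,           # minutes
    "aaa session-limit ssh": 32,              # concurrent users
}

# Constructed sample; assumed to resemble saved configuration lines.
SAMPLE_CONFIG = """\
#
 ssh server compatible-ssh1x enable
 ssh server authentication-retries 5
 ssh server authentication-timeout 30
 ssh server acl 2001
 aaa session-limit ssh 16
#
"""

def audit_ssh_config(text):
    """Return a list of findings for the SSH management parameters."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings = []
    # SSH1 support is off by default, so any such line means it was enabled.
    if any(ln.startswith("ssh server compatible-ssh1x") for ln in lines):
        findings.append("SSH1 clients are accepted")
    # Numeric limits: compare the configured value with the documented default.
    for cmd, default in DEFAULTS.items():
        for ln in lines:
            m = re.fullmatch(re.escape(cmd) + r"\s+(\d+)", ln)
            if m and int(m.group(1)) > default:
                findings.append(f"{cmd} {m.group(1)} exceeds default {default}")
    # Without an ACL, all SSH users can initiate connections to the server.
    if not any(ln.startswith("ssh server acl ") for ln in lines):
        findings.append("no IPv4 ACL: all IPv4 SSH users can connect")
    if not any(ln.startswith("ssh server ipv6 acl ") for ln in lines):
        findings.append("no IPv6 ACL: all IPv6 SSH users can connect")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_config(SAMPLE_CONFIG):
        print(finding)
```
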