2.8. SSH Commands
2.8.1. ip ssh server
Command Purpose
To enable the SSH service, use the ip ssh server enable command in Global Configuration. To disable the SSH service, use the ip ssh server disable command.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
ip ssh server ( enable | disable )
Parameter | Parameter Description | Parameter Value |
---|---|---|
enable | Turn on the SSH service | - |
disable | Turn off the SSH service | - |
Command Mode
Global Config
Default
SSH service is enabled.
Usage
None
Examples
The following example enables the SSH service on your switch:
Switch# configure terminal
Switch(config)# ip ssh server enable
2.8.2. ip ssh server authentication-retries
Command Purpose
To configure Secure Shell (SSH) authentication retry times on your switch, use the ip ssh server authentication-retries command in Global Configuration. To restore the default value, use the no form of this command.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
ip ssh server authentication-retries COUNT
no ip ssh server authentication-retries
Parameter | Parameter Description | Parameter Value |
---|---|---|
COUNT | The number of retries, with a maximum of 6 authentication retries | 1-6 |
Command Mode
Global Config
Default
The default is 6.
Usage
None
Examples
The following examples configure SSH authentication retry times on your switch:
Switch# configure terminal
Switch(config)# ip ssh server authentication-retries 3
Related Commands
show ip ssh server status
2.8.3. ip ssh server authentication-timeout
Command Purpose
To configure Secure Shell (SSH) authentication timeout on your switch, use the ip ssh server authentication-timeout command in Global Configuration. To restore the default value, use the no form of this command.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
ip ssh server authentication-timeout SECONDS
no ip ssh server authentication-timeout
Parameter | Parameter Description | Parameter Value |
---|---|---|
SECONDS | The number of seconds until timeout disconnects | 1-120 seconds |
Command Mode
Global Config
Default
The default is 120 seconds.
Usage
None
Examples
The following examples configure SSH authentication timeout on your switch:
Switch# configure terminal
Switch(config)# ip ssh server authentication-timeout 100
Related Commands
show ip ssh server status
2.8.4. ip ssh server authentication-type
Command Purpose
To configure Secure Shell (SSH) authentication type on your switch, use the ip ssh server authentication-type command in Global Config. To restore the default value, use the no form of this command.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
ip ssh server authentication-type ( all | { password | public-key | rsa } )
no ip ssh server authentication-type
Parameter | Parameter Description | Parameter Value |
---|---|---|
all | Enable all authentication types | - |
password | Enable password authentication | - |
public-key | Enable SSHv2 public key authentication | - |
rsa | Enable SSHv1 RSA authentication | - |
Command Mode
Global Config
Default
The default authentication type is all.
Usage
None
Examples
The following examples configure SSH authentication type on the switch:
Switch# configure terminal
Switch(config)# ip ssh server authentication-type password
Related Commands
show ip ssh server status
2.8.5. ip ssh server host-key rsa key
Command Purpose
To configure Secure Shell (SSH) host-key on your switch, use the ip ssh server host-key rsa key command in Global Config. To restore the default value, use the no form of this command.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
ip ssh server host-key rsa key KEYNAME
no ip ssh server host-key rsa
Parameter | Parameter Description | Parameter Value |
---|---|---|
KEYNAME | The key value for host key | Up to 32 characters |
Command Mode
Global Config
Default
None
Usage
The host key is combined with the public key to generate a session. Modifying the host key while users are logged in over SSH can cause their connections to be closed.
Examples
The following examples configure SSH host key on your switch:
Switch# configure terminal
Switch(config)# ip ssh server host-key rsa key KEY1
Related Commands
show ip ssh server status
2.8.6. ip ssh server rekey-interval
Command Purpose
To configure Secure Shell (SSH) rekey interval on your switch, use the ip ssh server rekey-interval command in Global Config. To restore the default value, use the no form of this command.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
ip ssh server rekey-interval MINUTE
no ip ssh server rekey-interval
Parameter | Parameter Description | Parameter Value |
---|---|---|
MINUTE | The rekey interval in minutes | 1-1440 minutes |
Command Mode
Global Config
Default
The default interval is 60 minutes.
Usage
None
Examples
The following examples configure SSH rekey interval on your switch:
Switch# configure terminal
Switch(config)# ip ssh server rekey-interval 30
Related Commands
show ip ssh server status
2.8.7. ip ssh server version
Command Purpose
To configure Secure Shell (SSH) version on your switch, use the ip ssh server version command in Global Config. To restore the default value, use the no form of this command.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
ip ssh server version ( 1 | 2 | all )
no ip ssh server version
Parameter | Parameter Description | Parameter Value |
---|---|---|
1 | Switch runs only SSH Version 1 | - |
2 | Switch runs only SSH Version 2 | - |
all | Version 1 and Version 2 are both supported | - |
Command Mode
Global Config
Default
The default SSH version is 2.
Usage
You can use this command with the 2 keyword to ensure that your switch will not inadvertently establish a weaker SSH Version 1 connection.
Examples
The following example shows that only SSH Version 1 support is configured:
Switch# configure terminal
Switch(config)# ip ssh server version 1
Related Commands
show ip ssh server status
2.8.8. ip ssh server source address
Command Purpose
To configure the source address of the Secure Shell (SSH) server on your switch, use the ip ssh server source address command in Global Config. To restore the default value, use the no form of this command.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
ip ssh server source address { vrf NAME | } IP_ADDR
no ip ssh server source address
Parameter | Parameter Description | Parameter Value |
---|---|---|
vrf NAME | Specify a vrf to provide SSH server | Up to 15 characters |
IP_ADDR | Configure IP address for SSH server working inband | IPv4 Address |
Command Mode
Global Config
Default
None
Usage
Use this command to change the address on which the SSH server works and, optionally, to specify the VRF in which the SSH server is provided. The source address can only be 0.0.0.0 or the address of a loopback interface; 0.0.0.0 indicates that the SSH server address is not specified.
Examples
The following example shows how to set the SSH server inband address:
Switch# configure terminal
Switch(config)# ip ssh server source address 10.10.10.1
Related Commands
ip ssh server
2.8.9. ip ssh server source port
Command Purpose
To configure the TCP port for the SSH server working inband on your switch, use the ip ssh server source port command in Global Config. To restore the default value, use the no form of this command.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
ip ssh server source port NUMBER
no ip ssh server source port
Parameter | Parameter Description | Parameter Value |
---|---|---|
port NUMBER | Configure TCP port for SSH server working inband | 1025-65535 |
Command Mode
Global Config
Default
None
Usage
The no ip ssh server source port command sets the TCP port for the SSH server working inband back to the default value of 22.
Examples
The following example configures a non-default port:
Switch# configure terminal
Switch(config)# ip ssh server source port 2222
Related Commands
ip ssh server
2.8.10. ip ssh server source mgmt-if port
Command Purpose
To configure the TCP port for the SSH server working outband on your switch, use the ip ssh server source mgmt-if port command in Global Config. To restore the default value, use the no form of this command.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
ip ssh server source mgmt-if port NUMBER
no ip ssh server source mgmt-if port
Parameter | Parameter Description | Parameter Value |
---|---|---|
mgmt-if port NUMBER | Configure TCP port for SSH server working outband | 1025-65535 |
Command Mode
Global Config
Default
None
Usage
The no ip ssh server source mgmt-if port command sets the TCP port for the SSH server working outband back to the default value of 22.
Examples
The following example configures a non-default port:
Switch# configure terminal
Switch(config)# ip ssh server source mgmt-if port 2222
Related Commands
ip ssh server
2.8.11. show ip ssh server status
Command Purpose
To display the version and configuration data for Secure Shell (SSH), use the show ip ssh server status command in Privileged EXEC mode.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
show ip ssh server status
Command Mode
Privileged EXEC
Default
None
Usage
None
Examples
The following example shows the current SSH configurations:
Switch# show ip ssh server status
SSH server enabled
Version: 1.99
Authentication timeout: 33 second(s)
Authentication retries: 6 time(s)
Server key lifetime: 60 minute(s)
Authentication type: password, public-key
Related Commands
show ip ssh server session
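The status output above can be checked against a hardening baseline automatically. The following is an added example, not vendor code: it parses that output and returns the remediation commands documented in this section. The retry and timeout thresholds, the wording of a disabled banner, and the reading of any version other than 2 as "SSHv1 accepted" are assumptions.

```python
import re

# Constructed sample: the `show ip ssh server status` output from the example above.
SAMPLE_STATUS = """\
SSH server enabled
Version: 1.99
Authentication timeout: 33 second(s)
Authentication retries: 6 time(s)
Server key lifetime: 60 minute(s)
Authentication type: password, public-key
"""

def parse_status(text):
    """Parse the status output into a dict with lower-cased field names."""
    status = {"enabled": False, "auth_types": set()}
    for line in text.splitlines():
        line = line.strip()
        key, sep, value = line.partition(":")
        if not sep:
            # Banner line such as "SSH server enabled" ("disabled" wording is assumed).
            if line.lower().startswith("ssh server"):
                status["enabled"] = line.lower().split()[-1] == "enabled"
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "authentication type":
            status["auth_types"] = {v.strip() for v in value.split(",") if v.strip()}
        elif key == "version":
            status["version"] = value
        else:
            number = re.match(r"\d+", value)
            if number:
                status[key] = int(number.group())
    return status

def audit_status(status, max_retries=3, max_timeout=60):
    """Return findings. Thresholds are example policy, not vendor guidance."""
    findings = []
    if not status["enabled"]:
        return findings  # no SSH listener to assess
    # Assumption: anything other than "2"/"2.0" (e.g. "1" or "1.99") accepts SSHv1.
    if status.get("version") not in ("2", "2.0"):
        findings.append("SSHv1 accepted: ip ssh server version 2")
    if "rsa" in status["auth_types"]:
        findings.append("SSHv1 rsa auth enabled: ip ssh server authentication-type public-key")
    if "password" in status["auth_types"]:
        findings.append("password auth enabled: ip ssh server authentication-type public-key")
    if status.get("authentication retries", 0) > max_retries:
        findings.append("retries too high: ip ssh server authentication-retries %d" % max_retries)
    if status.get("authentication timeout", 0) > max_timeout:
        findings.append("timeout too long: ip ssh server authentication-timeout %d" % max_timeout)
    return findings

if __name__ == "__main__":
    for finding in audit_status(parse_status(SAMPLE_STATUS)):
        print(finding)
```

Before enforcing a public-key-only policy, confirm that a working public key is installed for each administrator, otherwise the change locks out remote management.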
2.8.12. rsa key generate
Command Purpose
To have the system generate a key, use the rsa key generate command in Global Configuration.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
rsa key KEYNAME generate
Parameter | Parameter Description | Parameter Value |
---|---|---|
KEYNAME | The name of the key | Up to 32 characters |
Command Mode
Global Config
Default
None
Usage
Use the rsa key generate command to have the system generate a key.
Examples
The following example creates a key named KEY1:
Switch# configure terminal
Switch(config)# rsa key KEY1 generate
Generating RSA private key, 1024 bit long modulus
Please waiting for a moment: done!
Public exponent is 65537 (0x10001)
Generate RSA key successfully
Switch(config)#
Related Commands
show rsa keys
2.8.13. rsa key
Command Purpose
To create a key, use the rsa key command in Global Config.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
rsa key KEYNAME
Parameter | Parameter Description | Parameter Value |
---|---|---|
KEYNAME | The name of the key | Up to 32 characters |
Command Mode
Global Config
Default
None
Usage
Use the rsa key command to create a key.
Examples
The following example creates a key named KEY1:
Switch# configure terminal
Switch(config)# rsa key KEY1
Switch(config-rsa-key)#
Related Commands
show rsa keys
2.8.14. key format
Command Purpose
To specify the key format, use the key format command in RSA key configuration mode.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
key format ( der | pem )
Parameter | Parameter Description | Parameter Value |
---|---|---|
der | The format is der | - |
pem | The format is pem | - |
Command Mode
Rsa Key Configuration
Default
The default key format is DER.
Usage
None
Examples
The following example specifies the key format of KEY1 as der:
Switch# configure terminal
Switch(config)# rsa key KEY1
Switch(config-rsa-key)# key format der
Related Commands
rsa key
2.8.15. key string end
Command Purpose
To exit the rsa key configuration mode to Global Config and apply all rsa key configurations, use the key string end command in RSA key configuration mode.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
key string end
Command Mode
Rsa Key Configuration
Default
None
Usage
None
Examples
The following example shows how to exit the rsa key configuration mode:
Switch# configure terminal
Switch(config)# rsa key KEY1
Switch(config-rsa-key)# key string end
Switch(config)#
Related Commands
rsa key
2.8.16. key type
Command Purpose
To specify the key type, use the key type command in RSA key configuration mode.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
key type ( public | private )
Parameter | Parameter Description | Parameter Value |
---|---|---|
public | Specify the key as a public key | - |
private | Specify the key as a private key | - |
Command Mode
Rsa Key Configuration
Default
None
Usage
None
Examples
The following example specifies the key type of KEY1 as public key:
Switch# configure terminal
Switch(config)# rsa key KEY1
Switch(config-rsa-key)# key type public
Related Commands
rsa key
2.8.17. reset
Command Purpose
To clear all key configurations, use the reset command in RSA key configuration mode.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
reset
Command Mode
Rsa Key Configuration
Default
None
Usage
None
Examples
The following example shows how to clear all configurations for the key KEY1:
Switch# configure terminal
Switch(config)# rsa key KEY1
Switch(config-rsa-key)# reset
Related Commands
rsa key
2.8.18. validate
Command Purpose
To check the validity of the key strings, use the validate command in RSA key configuration mode.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
validate
Command Mode
Rsa Key Configuration
Default
None
Usage
None
Examples
The following example shows how to validate the key strings of the key KEY1:
Switch# configure terminal
Switch(config)# rsa key KEY1
Switch(config-rsa-key)# validate
Related Commands
rsa key
2.8.19. KEYLINE
Command Purpose
To enter key strings directly at the prompt, type any string in RSA key configuration mode other than the keywords of this mode.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
KEYLINE
Parameter | Parameter Description | Parameter Value |
---|---|---|
KEYLINE | key line | key line string |
Command Mode
Rsa Key Configuration
Default
None
Usage
Type any key string.
Examples
The following example shows how to type a key string for the key KEY1:
Switch# configure terminal
Switch(config)# rsa key KEY1
Switch(config-rsa-key)# 00302017 4A7D385B 1234EF29 335FC973
Switch(config-rsa-key)# 2DD50A37 C4F4B0FD 9DADE748 429618D5
Related Commands
validate
2.8.20. rsa key export
Command Purpose
To export the key file to a specified destination, use the rsa key export command in Global Config.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
rsa key KEYNAME export url DEST_FILE ( public | private ) ( der | der-hex | pem | ssh1 | ssh2 )
Parameter | Parameter Description | Parameter Value |
---|---|---|
KEYNAME | Specify the key name to display | Up to 32 characters |
DEST_FILE | The destination file path and name | The full path and file name, up to 255 characters |
public | Specify the key as a public key | - |
private | Specify the key as a private key | - |
der | DER format | - |
der-hex | DER HEX format | - |
pem | PEM format | - |
ssh1 | SSHv1 format | - |
ssh2 | Specify the key format | - |
Command Mode
Global Config
Default
None
Usage
Use the rsa key generate command to generate a key.
Examples
The following example shows how to export the key KEY1 to flash as a public key:
Switch# configure terminal
Switch(config)# rsa key KEY1 export url flash:/key1.pub public ssh2
The following example shows how to export the key KEY2 to flash as a private key:
Switch# configure terminal
Switch(config)# rsa key KEY2 export url flash:/key1 private ssh1
Related Commands
rsa key generate
rsa key import
2.8.21. rsa key import
Command Purpose
To import the key file from a specified source, use the rsa key import command in Global Config.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
rsa key KEYNAME import url SRC_FILE ( public | private ) ( der | der-hex | pem | ssh1 | ssh2 )
Parameter | Parameter Description | Parameter Value |
---|---|---|
KEYNAME | Specify the key name to display | Up to 32 characters |
SRC_FILE | The source file path and name | The full path and file name, up to 255 characters |
public | Specify the key as a public key | - |
private | Specify the key as a private key | - |
der | DER format | - |
der-hex | DER HEX format | - |
pem | PEM format | - |
ssh1 | SSHv1 format | - |
ssh2 | Specify the key format | - |
Command Mode
Global Config
Default
None
Usage
Use the rsa key generate command to generate a key.
Examples
The following example shows how to import the key KEY1 from flash as a public key:
Switch# configure terminal
Switch(config)# rsa key KEY1 import url flash:/key1.pub public ssh2
The following example shows how to import the key KEY2 from flash as a private key:
Switch# configure terminal
Switch(config)# rsa key KEY2 import url flash:/key1 private ssh1
Related Commands
rsa key generate
rsa key export
2.8.22. show rsa key
Command Purpose
To display the details of the keys, use the show rsa key command in Privileged EXEC mode.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
show rsa key KEYNAME
Parameter | Parameter Description | Parameter Value |
---|---|---|
KEYNAME | Specify the key name to display | Up to 32 characters |
Command Mode
Privileged EXEC
Default
None
Usage
None
Examples
The following example displays the detailed information of the key named “KEY1”:
Switch# show rsa key KEY1
RSA key information:
============================================================
Name: KEY1
Type: private
Modulus: 1024 bit
Usage count: 0
Private key DER code:
30820258
0201
00
028180
9B3E9726 6405BD54 692F172A901F3879 C947366E 5703D282 AA31707F 214D38C9
Related Commands
show rsa keys
2.8.23. show rsa keys
Command Purpose
To display the brief information of all the keys, use the show rsa keys command in Privileged EXEC mode.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
show rsa keys
Command Mode
Privileged EXEC
Default
None
Usage
Use the rsa key generate command to generate a key.
Examples
The following example displays the brief information of the keys:
Switch# show rsa keys
Name Type Usage Modulus
============================================================
key1 private 0 1024
key2 public 0 1024
Related Commands
show rsa key
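The keys in the examples of this section all have a 1024-bit modulus. The following added example (not vendor code) parses `show rsa keys` output, flags keys below a size floor, and raises the severity when the weak key is the one bound by `ip ssh server host-key rsa key`. The 2048-bit floor, the `key3` row, the configuration excerpt and the case-insensitive name match are assumptions.

```python
import re

MIN_RSA_BITS = 2048  # policy floor assumed for this example

# Constructed samples modelled on the examples in this section; key3 is invented.
SAMPLE_KEYS = """\
Name Type Usage Modulus
============================================================
key1 private 0 1024
key2 public 0 1024
key3 private 1 2048
"""
SAMPLE_CONFIG = """\
ip ssh server version 2
ip ssh server host-key rsa key KEY1
"""

def parse_rsa_keys(text):
    """Return one dict per key row, skipping the header and separator lines."""
    keys = []
    for line in text.splitlines():
        parts = line.split()
        if (len(parts) == 4 and parts[1] in ("public", "private")
                and parts[2].isdigit() and parts[3].isdigit()):
            keys.append({"name": parts[0], "type": parts[1],
                         "usage": int(parts[2]), "bits": int(parts[3])})
    return keys

def host_key_name(config_text):
    """Find the key bound as the SSH host key, or None if no binding is configured."""
    match = re.search(r"^\s*ip ssh server host-key rsa key (\S+)\s*$",
                      config_text, re.MULTILINE)
    return match.group(1) if match else None

def audit_keys(keys_text, config_text, min_bits=MIN_RSA_BITS):
    """Return sorted (severity, key name, modulus bits) tuples for undersized keys."""
    host = host_key_name(config_text)
    findings = []
    for key in parse_rsa_keys(keys_text):
        if key["bits"] >= min_bits:
            continue
        # Assumption: key names are compared case-insensitively (KEY1 vs key1).
        is_host = host is not None and key["name"].lower() == host.lower()
        findings.append(("high" if is_host else "low", key["name"], key["bits"]))
    return sorted(findings)

if __name__ == "__main__":
    for severity, name, bits in audit_keys(SAMPLE_KEYS, SAMPLE_CONFIG):
        print("%-4s %s: %d-bit RSA modulus is below %d" % (severity, name, bits, MIN_RSA_BITS))
```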