SSH Server

The nv unset commands remove the configuration you set with the equivalent nv set commands. This guide only describes an nv unset command if it differs from the nv set command.


nv set system ssh-server allow-users <user-id>

Configures the user accounts that you to allow to establish an SSH session.

Command Syntax

Syntax Description
<user-id> The user account name.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server allow-users user1

nv set system ssh-server authentication-retries

Configures the number of login attempts allowed before rejecting the SSH session. You can set a value between 3 and 100.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server authentication-retries 10

nv set system ssh-server deny-users <user-id>

Configures the user accounts that are not allowed to establish an SSH session.

Command Syntax

Syntax Description
<user-id> The user account name.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server deny-users user3

nv set system ssh-server inactive-timeout

Configures the amount of time a session can be inactive before the SSH server terminates the connection.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server inactive-timeout 5

nv set system ssh-server login-record-period

Configures the number of days on which to calculate login records, to be shown after login. You can set a value between 1 and 30.

Version History

Introduced in Cumulus Linux 5.10.0

Example

cumulus@switch:~$ nv set system ssh-server login-record-period 20

nv set system ssh-server login-timeout

Configures the number of seconds allowed before login times out. You can set a value between 1 and 600.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server login-timeout 200

nv set system ssh-server max-sessions-per-connection

Configures the maximum number of SSH sessions allowed per TCP connection. You can specify a value between 1 and 100.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server max-sessions-per-connection 10

nv set system ssh-server max-unauthenticated session-count

Configures the maximum number of unauthenticated SSH sessions allowed. You can set a value between 1 and 10000.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server max-unauthenticated session-count 20

nv set system ssh-server max-unauthenticated throttle-percent

Configures the starting percentage of connections to reject above the throttle start count before reaching the session count limit. You can set a value between 1 and 100.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server max-unauthešticated throttle-percent 20

nv set system ssh-server max-unauthenticated throttle-start

Configures the number of unauthenticated SSH sessions allowed before throttling starts. You can set a value between 1 and 10000.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server max-unauthenticated throttle-start 5

nv set system ssh-server permit-root-login

Configures the root account to use SSH to log into the switch with one of the following:

  • A password (enabled or disabled).
  • A public key or any allowed mechanism that is not a password and not keyboardinteractive. This is the default setting (prohibit-password).
  • A set of commands defined in the authorized_keys file (forced-commands-only).

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server permit-root-login forced-commands-only

nv set system ssh-server port <port-id>

Configures the TCP port numbers that can listen for incoming SSH sessions.

Command Syntax

Syntax Description
<port-id> The port number.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server port 443

nv set system ssh-server state

Enables or disables the SSH server on the switch.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server state disabled

nv set system ssh-server strict

Enables or disables SSH strict mode. By default, SSH strict mode is on so that Cumulus Linux disables X11, TCP forwarding, and compression and enforces secure ciphers.

Version History

Introduced in Cumulus Linux 5.9.0

Example

cumulus@switch:~$ nv set system ssh-server strict disabled

nv set system ssh-server vrf <vrf-id>

Configures the VRFs on which you want the SSH service to run. The SSH service runs in the default VRF on the switch but listens on all interfaces in all VRFs.

Command Syntax

Syntax Description
<vrf-id> The VRF you want to configure.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server vrf RED