SSH Server

The nv unset commands remove the configuration you set with the equivalent nv set commands. This guide only describes an nv unset command if it differs from the nv set command.

nv set system ssh-server max-unauthenticated session-count

Configures the maximum number of unauthenticated SSH sessions allowed. You can set a value between 1 and 10000.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server max-unauthenticated session-count 20

nv set system ssh-server max-unauthenticated throttle-percent

Configures the starting percentage of connections to reject above the throttle start count before reaching the session count limit. You can set a value between 1 and 100.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server max-unauthenticated throttle-percent 20

nv set system ssh-server max-unauthenticated throttle-start

Configures the number of unauthenticated SSH sessions allowed before throttling starts. You can set a value between 1 and 10000.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server max-unauthenticated throttle-start 5
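
How the three max-unauthenticated settings interact, as an added example that is not part of the Cumulus Linux documentation. It assumes the settings behave like OpenSSH's MaxStartups start:rate:full, with the rejection percentage rising linearly from throttle-percent at throttle-start to 100 at session-count; drop_percent and throttle_table are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Assumption: throttle-start, throttle-percent and session-count
# act like OpenSSH MaxStartups "start:rate:full".

# drop_percent CURRENT START PERCENT FULL
# Prints the percentage of new connections rejected while CURRENT
# unauthenticated sessions are open; returns 2 on invalid settings.
drop_percent() {
    cur=$1 start=$2 pct=$3 full=$4
    for v in "$cur" "$start" "$pct" "$full"; do
        case $v in
            ''|*[!0-9]*) echo "not a non-negative integer: '$v'" >&2; return 2 ;;
        esac
    done
    # Ranges from this page: counts 1-10000, percent 1-100. Requiring
    # start <= full mirrors OpenSSH's own check (assumption for NVUE).
    [ "$start" -ge 1 ] && [ "$start" -le 10000 ] &&
    [ "$full" -ge 1 ] && [ "$full" -le 10000 ] &&
    [ "$pct" -ge 1 ] && [ "$pct" -le 100 ] &&
    [ "$start" -le "$full" ] || { echo "settings out of range" >&2; return 2; }

    if [ "$cur" -lt "$start" ]; then
        echo 0                      # below throttle-start: nothing rejected
    elif [ "$cur" -ge "$full" ] || [ "$pct" -eq 100 ]; then
        echo 100                    # at session-count: everything rejected
    else
        # Linear ramp from PERCENT at START to 100 at FULL (integer math).
        echo $(( pct + (100 - pct) * (cur - start) / (full - start) ))
    fi
}

# throttle_table START PERCENT FULL: one line per session count.
throttle_table() {
    drop_percent 0 "$1" "$2" "$3" >/dev/null || return 2
    n=$(( $1 - 1 ))
    while [ "$n" -le "$3" ]; do
        p=$(drop_percent "$n" "$1" "$2" "$3")
        printf '%5d unauthenticated -> reject %3d%% of new connections\n' "$n" "$p"
        n=$(( n + 1 ))
    done
}

# Values from the three examples on this page: start 5, percent 20, count 20.
throttle_table 5 20 20
```

A low throttle-start with a high throttle-percent sheds connection floods early, but also makes it more likely that a legitimate administrator is rejected while a scan is in progress.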

nv set system ssh-server vrf <vrf-id>

Configures the VRFs on which you want the SSH service to run. The SSH service runs in the default VRF on the switch but listens on all interfaces in all VRFs.

Command Syntax

Syntax Description
<vrf-id> The VRF you want to configure.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server vrf RED

nv set system ssh-server allow-users <user-id>

Configures the user accounts that you allow to establish an SSH session.

Command Syntax

Syntax Description
<user-id> The user account name.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server allow-users user1

nv set system ssh-server deny-users <user-id>

Configures the user accounts that are not allowed to establish an SSH session.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server deny-users user3

nv set system ssh-server port <port-id>

Configures the TCP port numbers that can listen for incoming SSH sessions.

Command Syntax

Syntax Description
<port-id> The port number.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server port 443

nv set system ssh-server authentication-retries

Configures the number of login attempts allowed before rejecting the SSH session. You can set a value between 3 and 100.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server authentication-retries 10

nv set system ssh-server login-record-period

Configures and enables SSH login notifications for both SSH and serial connections to help you detect unwanted or malicious activities, such as suspicious logins or password and role changes.

This command sets the time period in days during which to record login notifications. After you set the time period, you see the following SSH login information on the console after authentication:

  • The date and time of the last successful login.
  • The number of unsuccessful logins after the last successful login.
  • The date and time of the last unsuccessful login.
  • Changes to a user account after the last login (password, role, group, and so on).
  • The location (terminal or IP address) of the last successful or unsuccessful login.
  • The total number of successful logins after a specific date and time.

A value of 0 disables SSH login notifications.

Version History

Introduced in Cumulus Linux 5.10.0

Example

cumulus@switch:~$ nv set system ssh-server login-record-period 20

nv set system ssh-server login-timeout

Configures the number of seconds allowed before login times out. You can set a value between 1 and 600.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server login-timeout 200

nv set system ssh-server inactive-timeout

Configures the amount of time a session can be inactive before the SSH server terminates the connection.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server inactive-timeout 5

nv set system ssh-server permit-root-login

Configures the root account to use SSH to log into the switch with one of the following:

  • A password (enabled or disabled).
  • A public key or any allowed mechanism that is not a password and not keyboard-interactive. This is the default setting (prohibit-password).
  • A set of commands defined in the authorized_keys file (forced-commands-only).

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server permit-root-login forced-commands-only

nv set system ssh-server max-sessions-per-connection

Configures the maximum number of SSH sessions allowed per TCP connection. You can specify a value between 1 and 100.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server max-sessions-per-connection 10

nv set system ssh-server state

Enables or disables the SSH server on the switch.

Version History

Introduced in Cumulus Linux 5.6.0

Example

cumulus@switch:~$ nv set system ssh-server state disabled

nv set system ssh-server strict

Enables or disables SSH strict mode. By default, SSH strict mode is on so that Cumulus Linux disables X11, TCP forwarding, and compression and enforces secure ciphers.

Version History

Introduced in Cumulus Linux 5.9.0

Example

cumulus@switch:~$ nv set system ssh-server strict disabled