SSH Server
The nv unset
commands remove the configuration you set with the equivalent nv set
commands. This guide only describes an nv unset
command if it differs from the nv set
command.
nv set system ssh-server allow-users <user-id>
Configures the user accounts that you to allow to establish an SSH session.
Command Syntax
Syntax | Description |
---|---|
<user-id> |
The user account name. |
Version History
Introduced in Cumulus Linux 5.6.0
Example
cumulus@switch:~$ nv set system ssh-server allow-users user1
nv set system ssh-server authentication-retries
Configures the number of login attempts allowed before rejecting the SSH session. You can set a value between 3 and 100.
Version History
Introduced in Cumulus Linux 5.6.0
Example
cumulus@switch:~$ nv set system ssh-server authentication-retries 10
nv set system ssh-server deny-users <user-id>
Configures the user accounts that are not allowed to establish an SSH session.
Command Syntax
Syntax | Description |
---|---|
<user-id> |
The user account name. |
Version History
Introduced in Cumulus Linux 5.6.0
Example
cumulus@switch:~$ nv set system ssh-server deny-users user3
nv set system ssh-server inactive-timeout
Configures the amount of time a session can be inactive before the SSH server terminates the connection.
Version History
Introduced in Cumulus Linux 5.6.0
Example
cumulus@switch:~$ nv set system ssh-server inactive-timeout 5
nv set system ssh-server login-record-period
Configures the number of days on which to calculate login records, to be shown after login. You can set a value between 1 and 30.
Version History
Introduced in Cumulus Linux 5.10.0
Example
cumulus@switch:~$ nv set system ssh-server login-record-period 20
nv set system ssh-server login-timeout
Configures the number of seconds allowed before login times out. You can set a value between 1 and 600.
Version History
Introduced in Cumulus Linux 5.6.0
Example
cumulus@switch:~$ nv set system ssh-server login-timeout 200
nv set system ssh-server max-sessions-per-connection
Configures the maximum number of SSH sessions allowed per TCP connection. You can specify a value between 1 and 100.
Version History
Introduced in Cumulus Linux 5.6.0
Example
cumulus@switch:~$ nv set system ssh-server max-sessions-per-connection 10
nv set system ssh-server max-unauthenticated session-count
Configures the maximum number of unauthenticated SSH sessions allowed. You can set a value between 1 and 10000.
Version History
Introduced in Cumulus Linux 5.6.0
Example
cumulus@switch:~$ nv set system ssh-server max-unauthenticated session-count 20
nv set system ssh-server max-unauthenticated throttle-percent
Configures the starting percentage of connections to reject above the throttle start count before reaching the session count limit. You can set a value between 1 and 100.
Version History
Introduced in Cumulus Linux 5.6.0
Example
cumulus@switch:~$ nv set system ssh-server max-unauthešticated throttle-percent 20
nv set system ssh-server max-unauthenticated throttle-start
Configures the number of unauthenticated SSH sessions allowed before throttling starts. You can set a value between 1 and 10000.
Version History
Introduced in Cumulus Linux 5.6.0
Example
cumulus@switch:~$ nv set system ssh-server max-unauthenticated throttle-start 5
nv set system ssh-server permit-root-login
Configures the root account to use SSH to log into the switch with one of the following:
- A password (
enabled
ordisabled
). - A public key or any allowed mechanism that is not a password and not keyboardinteractive. This is the default setting (
prohibit-password
). - A set of commands defined in the authorized_keys file (
forced-commands-only
).
Version History
Introduced in Cumulus Linux 5.6.0
Example
cumulus@switch:~$ nv set system ssh-server permit-root-login forced-commands-only
nv set system ssh-server port <port-id>
Configures the TCP port numbers that can listen for incoming SSH sessions.
Command Syntax
Syntax | Description |
---|---|
<port-id> |
The port number. |
Version History
Introduced in Cumulus Linux 5.6.0
Example
cumulus@switch:~$ nv set system ssh-server port 443
nv set system ssh-server state
Enables or disables the SSH server on the switch.
Version History
Introduced in Cumulus Linux 5.6.0
Example
cumulus@switch:~$ nv set system ssh-server state disabled
nv set system ssh-server strict
Enables or disables SSH strict mode. By default, SSH strict mode is on
so that Cumulus Linux disables X11, TCP forwarding, and compression and enforces secure ciphers.
Version History
Introduced in Cumulus Linux 5.9.0
Example
cumulus@switch:~$ nv set system ssh-server strict disabled
nv set system ssh-server vrf <vrf-id>
Configures the VRFs on which you want the SSH service to run. The SSH service runs in the default VRF on the switch but listens on all interfaces in all VRFs.
Command Syntax
Syntax | Description |
---|---|
<vrf-id> |
The VRF you want to configure. |
Version History
Introduced in Cumulus Linux 5.6.0
Example
cumulus@switch:~$ nv set system ssh-server vrf RED