Dell S5148F-ON OS10 Enterprise Edition User Guide Release 10.3.2E-R2 - Page 355
SSH Server, Security commands, aaa authentication
View all Dell S5148F-ON manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 355 highlights
SSH Server The secure shell (SSH) server allows an SSH client to access an OS10 switch through a secure, encrypted connection. Configure SSH server • The SSH server is enabled by default. You can disable the SSH server using no ip ssh server enable. • Challenge response authentication is disabled by default. To enable, use the ip ssh server challenge-response- authentication command. • Host-based authentication is disabled by default. To enable, use the ip ssh server hostbased-authentication command. • Password authentication is enabled by default. To disable, use the no ip ssh server password-authentication command. • Public key authentication is enabled by default. To disable, use the no ip ssh server pubkey-authentication command. • Configure the list of cipher algorithms using ip ssh server cipher cipher-list. • Configure Key Exchange algorithms using ip ssh server kex key-exchange-algorithm. • Configure hash message authentication code (HMAC) algorithms using ip ssh server mac hmac-algorithm. • Configure the SSH server listening port using ip ssh server port port-number. • Configure the SSH server to be reachable on the management VRF using ip ssh server vrf. • Configure the SSH login timeout using the ip ssh server login-grace-time seconds command (0 to 300; default 60). To reset the default SSH prompt timer, enter no ip ssh server login-grace-time. • Configure the maximum number of authentication attempts using the ip ssh server max-auth-tries number command (0 to 10; default 6). To reset the default, enter no ip ssh server max-auth-tries. The max-auth-tries value includes all authentication attempts, including public-key and password. If both public-key based authentication and password authentication are enabled, the public-key authentication is the default and is tried first. If it fails, the number of max-auth-tries is reduced by one. In this case, if you configured ip ssh server max-auth-tries 1, the password prompt does not display. Security commands aaa authentication Configures the AAA authentication method for user access. Syntax aaa authentication {local | radius | tacacs} Parameters • local - Use local (RBAC) access control. • radius - Use the RADIUS servers configured with the radius-server host command. • tacacs - Use the TACACS+ servers configured with the tacacs-server host command. Default Command Mode Usage Information Example Local authentication CONFIGURATION There is no no version of this command. To reset the authentication method to local, enter the aaa authentication local command. OS10(config)# aaa authentication radius Supported Releases 10.2.0E or later System management 355