Cisco Systems OL-5650-02 manual Configuring SSH Access, Configuring Sshd in the CSS

Models: OL-5650-02


Chapter 2 Configuring the Secure Shell Daemon Protocol

Configuring SSH Access

SSH access to the CSS is enabled by default through the no restrict ssh command. You can verify the SSH access selection in the running-config file.

To enhance security when using SSHD, disable Telnet access (Telnet access is enabled by default). Use the telnet-access disable command as described in Chapter 1, Controlling CSS Access.

To enable SSH access to the CSS, enter:

(config)# no restrict ssh

To disable SSH access, enter:

(config)# restrict ssh

Configuring SSHD in the CSS

The CSS provides the following commands for configuring SSHD:

sshd keepalive - Enables TCP keepalive messages

sshd port - Specifies the SSHD port

sshd server-keybits - Sets the number of bits in the ephemeral protocol server key (SSH v1 only)

sshd version - Configures the version of SSH protocol that the CSS supports

Ensure you enable SSHD access to the CSS for SSHD to accept connections from SSH clients. By default, SSH access is enabled through the no restrict ssh global command.

Configuring SSHD Keepalive

The CSS supports sending TCP keepalive messages to the client as a means for the server to determine whether the SSHD connection to the client is functioning (for example, if the network has gone down or the client has become unresponsive). If you disable sending SSHD keepalives to a client, sessions may hang indefinitely on the server, which consumes system resources.
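As an added example (not from the Cisco guide), the following Python check reads saved running-config text and reports the settings this section warns about. It assumes the commands appear in the file exactly as spelled above and that keepalives are turned off with a "no sshd keepalive" form, which this page does not show; the sample config is constructed.

```python
# Added example: audits saved CSS running-config text against this page's guidance.
# Assumptions: commands appear in the file as the page spells them, and
# "no sshd keepalive" (not shown on the page) is how keepalives are disabled.

SAMPLE_CONFIG = """\
restrict ssh
sshd port 2200
sshd server-keybits 1024
no sshd keepalive
"""  # constructed sample, not output from a real device


def parse_state(config_text):
    # Defaults stated on the page: SSH access and Telnet access are both enabled.
    state = {"ssh": True, "telnet": True, "keepalive_off": False, "sshd": {}}
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        negated = words[0] == "no"
        if negated:
            words = words[1:]
        if words == ["restrict", "ssh"]:
            state["ssh"] = negated  # "no restrict ssh" enables SSH access
        elif words == ["telnet-access", "disable"]:
            state["telnet"] = negated
        elif words[:2] == ["sshd", "keepalive"]:
            state["keepalive_off"] = negated
        elif len(words) >= 3 and words[0] == "sshd" and not negated:
            state["sshd"][words[1]] = " ".join(words[2:])
    return state  # later lines override earlier ones


def audit(config_text):
    s = parse_state(config_text)
    findings = []
    if s["telnet"]:
        findings.append("Telnet access still enabled; page advises telnet-access disable")
    if not s["ssh"]:
        findings.append("SSH access disabled by restrict ssh; SSHD will not accept clients")
    if s["keepalive_off"]:
        findings.append("SSHD keepalive disabled; dead sessions may hang and consume resources")
    if "server-keybits" in s["sshd"]:
        findings.append("sshd server-keybits is set; it applies to SSH v1 only")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("-", finding)
```

An empty result means the file matches the section's recommendations; a file with no relevant lines still reports Telnet, because Telnet access is enabled by default.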

 

 

Cisco Content Services Switch Security Configuration Guide