Chapter 38 System Remote Management

38.4.3 SSH Commands

The following table describes the commands available for SSH. You must use the configure terminal command to enter the configuration mode before you can use these commands.

Table 172 Command Summary: SSH

COMMAND
    DESCRIPTION

[no] ip ssh server
    Allows SSH access to the ZyWALL CLI. The no command disables SSH access to the ZyWALL CLI.

[no] ip ssh server cert certificate_name
    Sets a certificate whose corresponding private key is to be used to identify the ZyWALL for SSH connections. The no command resets the certificate used by the SSH server to the factory default (default).
    certificate_name: The name of the certificate. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters.

[no] ip ssh server port <1..65535>
    Sets the SSH service port number. The no command resets the SSH service port number to the factory default (22).

ip ssh server rule {rule_number|append|insert rule_number} access-group {ALL|address_object} zone {ALL|zone_object} action {accept|deny}
    Sets a service control rule for SSH service.
    address_object: The name of the IP address (group) object. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
    zone_object: The name of the zone. For the ZyWALL USG 300 and above, use up to 31 characters (a-zA-Z0-9_-). The name cannot start with a number. This value is case-sensitive.
    The ZyWALL USG 200 and lower models use pre-defined zone names like DMZ, LAN1, SSL VPN, WLAN, IPSec VPN, OPT, and WAN.

ip ssh server rule move rule_number to rule_number
    Changes the index number of an SSH service control rule.

[no] ip ssh server v1
    Enables remote management using SSH v1. The no command stops the ZyWALL from using SSH v1.

no ip ssh server rule rule_number
    Deletes a service control rule for SSH service.

show ip ssh server status
    Displays SSH settings.

38.4.4 SSH Command Examples

This command sets a service control rule that allows computers whose IP addresses match the specified address object to access the specified zone using the SSH service.

Router# configure terminal

Router(config)# ip ssh server rule 2 access-group Marketing zone WAN action accept

This command sets a certificate (Default) to be used to identify the ZyWALL.

Router# configure terminal

Router(config)# ip ssh server cert Default
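The following is an added example, not part of the original guide or of any ZyXEL tooling: a small Python linter that reads command lines in the Table 172 syntax and reports the settings an administrator would want to review before exposing SSH management (SSH v1, an obsolete protocol version, left enabled; an accept rule with access-group ALL; object names or port values that break the documented limits). The function name audit_ssh_config, the finding messages and the sample lines are assumptions made for illustration, and each line is checked on its own rather than as cumulative device state.

```python
import re

# Object-name rule from the table: 1-31 of a-zA-Z0-9_-, not starting with a digit.
NAME = re.compile(r"[A-Za-z_-][A-Za-z0-9_-]{0,30}")
SPACED_ZONES = {"SSL VPN", "IPSec VPN"}  # pre-defined zone names that contain a space
RULE = re.compile(
    r"ip ssh server rule (?P<pos>\d+|append|insert \d+) access-group (?P<addr>\S+) "
    r"zone (?P<zone>.+?) action (?P<action>accept|deny)"
)
PORT = re.compile(r"ip ssh server port (\d+)")


def audit_ssh_config(lines):
    """Lint each command line on its own; return (line_number, message) findings."""
    findings = []
    for no, raw in enumerate(lines, 1):
        line = re.sub(r"^\S+#\s*", "", raw.strip())  # drop a 'Router(config)#' prompt
        if line == "ip ssh server v1":
            findings.append((no, "SSH v1 enabled; turn off with 'no ip ssh server v1'"))
        elif m := PORT.fullmatch(line):
            if not 1 <= int(m.group(1)) <= 65535:
                findings.append((no, "port outside 1..65535"))
        elif line.startswith("ip ssh server rule move "):
            continue  # reordering only, nothing to check
        elif line.startswith("ip ssh server rule "):
            m = RULE.fullmatch(line)
            if not m:
                findings.append((no, "rule does not match the documented syntax"))
                continue
            for field in ("addr", "zone"):
                name = m.group(field)
                if name not in SPACED_ZONES and not NAME.fullmatch(name):
                    findings.append((no, f"invalid {field} object name {name!r}"))
            if m.group("addr") == "ALL" and m.group("action") == "accept":
                findings.append((no, f"SSH accepted from any address in zone {m.group('zone')}"))
    return findings


SAMPLE = [  # constructed input, not taken from a real device
    "Router(config)# ip ssh server v1",
    "Router(config)# ip ssh server port 2222",
    "Router(config)# ip ssh server rule 1 access-group ALL zone WAN action accept",
    "Router(config)# ip ssh server rule 2 access-group Marketing zone WAN action accept",
    "Router(config)# ip ssh server rule append access-group 9admins zone LAN1 action accept",
    "Router(config)# no ip ssh server v1",
]

if __name__ == "__main__":
    for no, message in audit_ssh_config(SAMPLE):
        print(f"line {no}: {message}")
```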

 


ZyWALL (ZLD) CLI Reference Guide