NVIDIA MLNX-OS User Manual v3.11.2206 LTS
v3.11.2206

Secure Shell (SSH)

Warning

It is recommended not to use more than 50 concurrent SSH sessions.

To add entries to the global known-hosts configuration file and its SSH value, do the following.

  1. Change to Config mode.

    Copy
    Copied!
                

    switch > enable switch # configure terminal switch (config) #

  2. Add an entry to the global known-hosts configuration file and its SSH value.

    Copy
    Copied!
                

    switch (config) # ssh client global known-host "myserver ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAsXeklqc8T0EN2mnMcVcfhueaRYzIVqt4rVsrERIjmlJh4mkYYIa8hGGikNa+t5xw2dRrNxnHYLK51bUsSG1ZNwZT1Dpme3pAZeMY7G4ZMgGIW9xOuaXgAA3eBeoUjFdi6+1BqchWk0nTb+gMfI/MK/heQNns7AtTrvqg/O5ryIc=”

  3. Verify what keys exist in the host.

    Copy
    Copied!
                

    switch (config) # show ssh client SSH client Strict Hostkey Checking: ask   SSH Global Known Hosts: Entry 1: myserver Finger Print: d5:d7:be:d7:6c:b1:e4:16:df:61:25:2f:b1:53:a1:06   No SSH user identities configured.   No SSH authorized keys configured.

    Warning

    RSA2 and a DSA2 host keys are generated by default. The RSA2 key can be used as SSH server and client, while DSA2 key can only be used as SSH client.
    When the switch is a server, use RSA key to connect to the device.

    When the switch is a client (e.g., downloading image or uploading logs), RSA key is recommended. DSA key is only for legacy devices and has been deprecated by OpenSSH starting with the 7.0 release.

To stop the CLI and set the system to send return errors if some commands fail, do the following.

  1. Connect to the system from the host SSH.

  2. Add the flag "-h" after "cli" to notify the system to halt on failure and pass through the exit code.

    Copy
    Copied!
                

    ssh <username>@<hostname> cli -h '"enable" "show interfaces brief"'

© Copyright 2023, NVIDIA. Last updated on Mar 13, 2024.