SSH

NVIDIA UFM-SDN Appliance Command Reference Guide v4.9.0

ssh server enable
no ssh server enable

Enables the SSH server.
The no form of the command disables the SSH server.

Syntax Description

N/A

Default

Enabled

Configuration Mode

config

History

1.5

Example

ufmapl [ mgmt-sa ] (config) # ssh server enable

Related Commands

show ssh server

Notes

Disabling the SSH server does not terminate existing SSH sessions; it only prevents new ones from being established.

ssh server host-key {<key type> {private-key <private-key>| public-key <public-key>} | generate}

Manipulates host keys for SSH.

Syntax Description

key-type

  • rsa1 – RSAv1

  • rsa2 – RSAv2

  • dsa2 – DSAv2

private-key

Sets new private-key for the host keys of the specified type

public-key

Sets new public-key for the host keys of the specified type

generate

Generates new RSA and DSA host keys for SSH

Default

SSH keys are locally generated

Configuration Mode

config

History

1.5

Example

ufmapl [ mgmt-sa ] (config) # ssh server host-key dsa2 private-key
Key: ***********************************************
Confirm: ***********************************************

Related Commands

show ssh server

Notes

ssh server listen {enable | interface <inf>}
no ssh server listen {enable | interface <inf>}

Enables the listen interface restricted list for SSH. If enabled, and at least one non-DHCP interface is specified in the list, the SSH connections are only accepted on those specified interfaces.
The no form of the command disables the listen interface restricted list for SSH. When disabled, SSH connections are not accepted on any interface.

Syntax Description

enable

Enables SSH interface restrictions on access to this system

interface

Adds interface to SSH server access restriction list
Possible values: {lo | eth0}

Default

SSH listen is enabled

Configuration Mode

config

History

1.5

Example

ufmapl [ mgmt-sa ] (config) # ssh server listen enable

Related Commands

show ssh server

Notes

ssh server min-version <version>
no ssh server min-version

Sets the minimum version of the SSH protocol that the server supports.
The no form of the command resets the minimum version of SSH protocol supported.

Syntax Description

version

Values: 1 or 2

Default

2

Configuration Mode

config

History

1.5

Example

ufmapl [ mgmt-sa ] (config) # ssh server min-version 2

Related Commands

show ssh server

Notes

ssh server ports {<port1> [<port2>...]}

Specifies which ports the SSH server listens on.

Syntax Description

port

Port number in [1...65535]

Default

22

Configuration Mode

config

History

1.5

Example

ufmapl [ mgmt-sa ] (config) # ssh server ports 22

Related Commands

show ssh server

Notes

  • Multiple ports can be specified by repeating the <port> parameter

  • The command removes any previously configured ports that are not listed in the command

ssh server x11-forwarding enable
no ssh server x11-forwarding enable

Enables X11 forwarding on the SSH server.
The no form of the command disables X11 forwarding.

Syntax Description

N/A

Default

Disabled

Configuration Mode

config

History

1.5

Example

ufmapl [ mgmt-sa ] (config) # ssh server x11-forwarding enable

Related Commands

show ssh server

Notes

ssh client global {host-key-check <policy> | known-host <known-host-entry>}
no ssh client global {host-key-check | known-host localhost}

Configures global SSH client settings.
The no form of the command negates global SSH client settings.

Syntax Description

host-key-check

Sets SSH client configuration to control how host key checking is performed. This parameter may be set in 3 ways.

  • If set to "no" it always permits connection, and accepts any new or changed host keys without checking

  • If set to "ask" it prompts user to accept new host keys, but does not permit a connection if there was already a known host entry that does not match the one presented by the host

  • If set to "yes" it only permits connection if a matching host key is already in the known hosts file

known-host

Adds an entry to the global known-hosts configuration file. The entry consists of "<IP> <key-type> <key>".

Default

host-key-check – ask, no keys are configured by default

Configuration Mode

config

History

1.5

Example

ufmapl [ mgmt-sa ] (config) # ssh client global host-key-check no

Related Commands

show ssh client

Notes

ssh client user <username> {authorized-key sshv2 <public key> | identity <key type> {generate | private-key [<private key>] | public-key [<public key>]} | known-host <known host> remove}
no ssh client user admin {authorized-key sshv2 <public key ID> | identity <key type>}

Adds an entry to the global known-hosts configuration file, either by generating a new key or by manually adding a public or private key.
The no form of the command removes a public key from the specified user's authorized key list, or changes the key type.

Syntax Description

username

The specified user must be a valid account on the system. Possible values: admin, monitor, xmladmin, and xmluser.

authorized-key sshv2

Adds the specified key to the list of authorized SSHv2 RSA or DSA public keys for this user account. These keys can be used to log into the user's account.

identity

Sets certain SSH client identity settings for a user. The key type is dsa2 or rsa2.

generate

Generates SSH client identity keys for specified user

private-key

Sets private key SSH client identity settings for the user

public-key

Sets public key SSH client identity settings for the user

known-host

Removes host from user's known host file

Default

No keys

Configuration Mode

config

History

1.5

Example

ufmapl [ mgmt-sa ] (config) # ssh client user admin known-host 172.30.1.116 remove

Related Commands

show ssh client

Notes

If a key is being pasted from a cut buffer and was displayed with a paging program, it is likely that newline characters have been inserted, even if the output was not long enough to require paging. One can specify "no cli session paging enable" before running the "show" command to prevent the newlines from being inserted.

slogin [<slogin options>] <hostname>

Invokes the SSH client. The user is returned to the CLI when SSH finishes.

Syntax Description

slogin options

usage: slogin [-1246AaCfgkNnqsTtVvXxY] [-b bind_address] [-c cipher_spec] [-D port]
[-e escape_char] [-F configfile] [-i identity_file] [-L port:host:hostport]
[-l login_name] [-m mac_spec] [-o option] [-p port] [-R port:host:hostport]
[user@]hostname [command]

Default

N/A

Configuration Mode

config

History

1.5

Example

ufmapl [ mgmt-sa ] (config) # slogin 192.168.10.70
The authenticity of host '192.168.10.70 (192.168.10.70)' can't be established.
RSA key fingerprint is 2e:ad:2d:23:45:4e:47:e0:2c:ae:8c:34:f0:1a:88:cb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.10.70' (RSA) to the list of known hosts.

Mellanox MLNX-OS Switch Management

Last login: Sat Feb 28 22:55:17 2009 from 10.208.0.121

Mellanox Switch

Related Commands

Notes

show ssh client

Displays the client configuration of the SSH server.

Syntax Description

N/A

Default

N/A

Configuration Mode

Any configuration mode

History

1.5

Example

ufmapl [ mgmt-sa ] (config) # show ssh client
SSH client Strict Hostkey Checking: ask

SSH Global Known Hosts:
Entry 1: 72.30.2.2
Finger Print: 1e:b7:8b:ec:ab:35:98:be:6b:d6:12:c2:18:72:12:d6

No SSH user identities configured.

No SSH authorized keys configured.

Related Commands

ssh client global
ssh client user

Notes

show ssh server

Displays SSH server configuration.

Syntax Description

N/A

Default

N/A

Configuration Mode

Any configuration mode

History

1.5

Example

ufmapl [ mgmt-sa ] (config) # show ssh server
SSH server configuration:
SSH server enabled: yes
Minimum protocol version: 2
X11 forwarding enabled: no
SSH server ports: 22

Interface listen enabled: yes
No Listen Interfaces.

Host Key Finger Prints:
RSA v1 host key: a0:63:db:96:e2:95:5a:5a:fd:a8:d0:f4:ab:e3:5f:f8
RSA v2 host key: 1e:b7:8b:ec:ab:35:98:be:6b:d6:12:c2:18:72:12:d6
DSA v2 host key: 7c:4a:f7:72:51:67:b5:0b:cd:a2:d2:b9:f3:be:3e:68

Related Commands

ssh server

Notes
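
An added example, not part of the NVIDIA reference: a Python check that parses captured "show ssh server" and "show ssh client" output in the layout of the examples above and pairs each weak setting with the command from this page that changes it. The sample text, the function names, and the choice of which values count as findings are assumptions of this example.

```python
# Constructed sample in the layout of this page's "show ssh server" and
# "show ssh client" examples, with weak values set for the demonstration.
SAMPLE = """\
SSH server configuration:
SSH server enabled: yes
Minimum protocol version: 1
X11 forwarding enabled: yes
SSH server ports: 22

Interface listen enabled: yes
No Listen Interfaces.

SSH client Strict Hostkey Checking: no
"""

# (output label, test for a weak value, finding, command from this page)
RULES = [
    ("Minimum protocol version", lambda v: v != "2",
     "SSHv1 accepted", "ssh server min-version 2"),
    ("X11 forwarding enabled", lambda v: v == "yes",
     "X11 forwarding on", "no ssh server x11-forwarding enable"),
    ("SSH client Strict Hostkey Checking", lambda v: v == "no",
     "host keys accepted unchecked", "ssh client global host-key-check yes"),
]

def parse_show(text):
    """Map each 'label: value' line to fields[label] (split on first colon)."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep and value.strip():
            fields[label.strip()] = value.strip()
    return fields

def audit(text):
    """Return (finding, remediation command) pairs for the captured output."""
    fields = parse_show(text)
    findings = [(msg, fix) for label, weak, msg, fix in RULES
                if label in fields and weak(fields[label])]
    # The listen description ties the restriction to at least one listed
    # interface, so "enabled" with an empty list is reported for review.
    if fields.get("Interface listen enabled") == "yes" and "No Listen Interfaces." in text:
        findings.append(("listen list is empty",
                         "ssh server listen interface <inf>"))
    return findings

if __name__ == "__main__":
    for msg, fix in audit(SAMPLE):
        print(f"{msg}: {fix}")
```

Fingerprint lines parse correctly because only the first colon separates label from value.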

© Copyright 2023, NVIDIA. Last updated on Sep 6, 2023.