CANOGA PERKINS CanogaOS Configuration Guide User Manual

CanogaOS Configuration Guide

Proprietary & Confidential Canoga Perkins Metro Ethernet Switches

Page 322 of 350

Version 2.

DUT(config)#ip ssh server authentication-timeout 100

Configure the SSH control parameters:

• Specify the time-out value in seconds; the default is

120 seconds. The range is 0 to 120 seconds. This
parameter applies to the SSH negotiation phase.

DUT(config)#ip ssh server authentication-retries 3

Configure the SSH control parameters:

• Specify the number of times that a client can

re-authenticate to the server. The default is 6; the
range is 1 to 6.

DUT(config)#ip ssh server authentication-type all

Configure the SSH control parameters:

• Specify the authentication type. The default is

password and public-key.

DUT(config)#ip ssh server rekey-interval 100

Configure the SSH control parameters:

• Specify the server key lifetime. The default is 60

minutes.

DUT(config)#exit

Exit the Configure mode.

40.1.4 Validation Commands
To display the SSH server configuration, use the show ip ssh server status privileged EXEC
command.

DUT#show ip ssh server status

SSH server enabled

Version: 1.99

Authentication timeout: 100 second(s)

Authentication retries: 3 time(s)

Server key lifetime: 100 minute(s)

Authentication type: all

40.1.5 Configuring RSA Key
Beginning in privileged EXEC mode, follow these steps to configure RSA key:

DUT#configure terminal

Enter the Configure mode.

DUT(config)#rsa key key_test import url
flash:/key_test.pub public ssh2

Import RSA key.

In this case, the RSA key type is public and SSH2.

DUT(config)#username user_a assign rsa key key_test

Assign user with RSA key.

DUT(config)#exit

Exit the Confiure mode.

To delete RSA key, use the no rsa key global configuration command.