Enable ssh, Enable ssh on public, Ssh port – Cisco VPN 3002 User Manual

Page 92: Maximum sessions, Key regeneration period, Encryption algorithms


8-14

VPN 3002 Hardware Client Reference

OL-1893-01

Chapter 8 Management Protocols

Configuration | System | Management Protocols | SSH

Enable SSH

Check the box to enable the SSH server. The box is checked by default. Disabling the SSH server
provides additional security by preventing SSH access.

Enable SSH on Public

Check the box to enable SSH on the Public interface.

SSH Port

Enter the port number that the SSH server uses. The default is 22, which is the well-known port.

Maximum Sessions

Enter the maximum number of concurrent SSH sessions allowed. Minimum is 1, default is 4, and
maximum is 10.

Key Regeneration Period

Enter the server key regeneration period in minutes. If the server key has been used for an SSH session,
the VPN 3002 regenerates the key at the end of this period. Minimum is 0 (which disables key
regeneration), default is 60 minutes, and maximum is 10080 minutes (1 week).

Note

Use 0 (disable key regeneration) only for testing, since it lessens security.

Encryption Algorithms

Check the boxes for the encryption algorithms that the VPN 3002 SSH server can negotiate with a client
and use for session encryption. All algorithms are checked by default. You must check at least one
algorithm to enable a secure session. Unchecking all algorithms disables SSH.

3DES-168 = Triple-DES encryption with a 168-bit key. This option is the most secure but requires
the greatest processing overhead.

RC4-128 = RC4 encryption with a 128-bit key. This option provides adequate security and
performance.

DES-56 = DES encryption with a 56-bit key. This option is least secure but provides the greatest
export flexibility.

No Encryption = Connect without encryption. This option provides no security and is for testing
purposes only. It is not checked by default.
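
The following is an added example, not part of the Cisco manual: a small Python audit of SSH screen settings that have been transcribed by hand into a dictionary. It checks them against the limits and notes stated above. The dictionary keys and the function name are hypothetical, and the sample input is constructed.

```python
# Added example: audit a hand-transcribed copy of the SSH screen settings.
# The dict keys are hypothetical; limits and notes come from the text above.

ALGORITHMS = {"3DES-168", "RC4-128", "DES-56", "No Encryption"}


def audit_ssh_settings(cfg):
    """Return a list of (severity, message) findings for one device."""
    findings = []
    if not cfg.get("enable_ssh", True):
        return findings  # SSH server disabled: no SSH access to audit

    port = cfg.get("ssh_port", 22)
    if not 1 <= port <= 65535:
        findings.append(("error", f"SSH port {port} is not a valid TCP port"))

    sessions = cfg.get("max_sessions", 4)
    if not 1 <= sessions <= 10:
        findings.append(("error", f"maximum sessions {sessions} outside 1-10"))

    regen = cfg.get("key_regen_minutes", 60)
    if not 0 <= regen <= 10080:
        findings.append(("error", f"key regeneration {regen} outside 0-10080"))
    elif regen == 0:
        findings.append(("warn", "key regeneration disabled (testing only)"))

    # Default mirrors the text: every algorithm except No Encryption.
    algs = set(cfg.get("algorithms", ALGORITHMS - {"No Encryption"}))
    unknown = algs - ALGORITHMS
    if unknown:
        findings.append(("error", f"unknown algorithms: {sorted(unknown)}"))
    if not algs:
        findings.append(("error", "no algorithm checked: SSH is disabled"))
    if "No Encryption" in algs:
        findings.append(("warn", "No Encryption is checked (testing only)"))
    if "DES-56" in algs:
        findings.append(("warn", "DES-56 is checked (least secure option)"))

    if cfg.get("enable_ssh_on_public"):
        findings.append(("info", "SSH is enabled on the Public interface"))
    return findings


# Constructed sample input, not taken from a real device.
SAMPLE = {"enable_ssh": True, "enable_ssh_on_public": True, "ssh_port": 22,
          "max_sessions": 4, "key_regen_minutes": 0,
          "algorithms": ["3DES-168", "DES-56", "No Encryption"]}
```
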
