Westermo MR Series User Manual

249

6622-3201

Web Interface and Command Line Reference Guide

www.westermo.com

Host key #2 filename:

This is the filename of either an SSH V1 host key or an SSH V2 host key. It is highly recommend-
ed that the filename be prefixed with “priv” to ensure that the key is not compromised. This key
is generated on the Configure > Certificates > Utilities page

Note:
The Host key filenames cannot be more than 12 characters in length. This includes the exten-
sion and extension separator “.”.

Maximum login time (secs):

This parameter specifies the maximum length of time in seconds that a user is allowed to suc-
cessfully complete the login procedure once the SSH socket has been opened. The socket is
closed if the user has not completed a successful login within this period.

Maximum login attempts:

This is the maximum number of login attempts allowed before the SSH socket will be closed.

Compression level:

SSH uses the DEFLATE compression algorithm. This parameter is used to set the desired level
of compression. Higher values may result in better compression but will require more CPU time
within the router. If the value is set to 0, compression is disabled.

Port forwarding enabled:

When enabled and used with SSH client software (such as PuTTY) that has port forwarding
functionality, different ports other than 23 can be forwarded to the router. For example, once
the SSH tunnel is connected, http port 80 traffic can sent securely to the router.

V1 Options

Server key bits:

During the initialisation of an SSH session, the server sends its host key and a server key (which
should be of a different size to the host key). The unit generates this key automatically but the
length of the server key is determined by this parameter. If, when you set this value, it is too
similar to the length of the host key, the unit will automatically adjust the selected value so that
the key sizes are significantly different.

V2 Options

Actively start key exchange:

Some SSH clients wait for the server to initiate the key exchange process when a new SSH ses-
sion is started unless they have data to send to the server, in which case they will initiate the
key exchange themselves. If this parameter is set to “Yes”, the unit will automatically initiate a
key exchange without waiting for the client.

Rekey Kbytes:

With SSH V2 it is possible to negotiate new encryption keys after they have been used to
encrypt a specified amount of data. This parameter is used to specify the amount of data that
passed over an encrypted link before a new set of keys must be negotiated. When the param-
eter is set to 0 new keys are not negotiated.