Allied Telesis Support Portal

How do I configure the SSH service on AW+ switches?

The default virtual terminal configuration allows for 5 simultaneous user sessions.
 
line vty 0 4

The default SSH server parameters do not have a simultaneous session limit, but there is a parameter limiting the number of simultaneous SSH login attempts awaiting authentication—Maximum Startups.
 
awplus#show ssh server
 
Secure Shell Server Configuration
------------------------------------------------------------
SSH Server                                            : Enabled
Protocol                                                 : IPv4,IPv6
Port                                                        : 22
Version                                                  : 2,1
Services                                                 : scp, sftp
User Authentication                            : publickey, password
Resolve Hosts                                      : Disabled
Session Timeout                                   : 0 (Off)
Login Timeout                                       : 60 seconds
Maximum Startups                               : 10
Debug                                                    : NONE
 
Modifying SSH server parameters:
 
awplus(config)#ssh server v2only
awplus(config)#ssh server session-timeout 1200
awplus(config)#ssh server max-startups 5
awplus(config)#ssh server login-timeout 5
 
awplus#sho ssh server
Secure Shell Server Configuration
------------------------------------------------------------
SSH Server                                            : Enabled
Protocol                                                 : IPv4,IPv6
Port                                                       : 22
Version                                                  : 2  ----------------------------- more secure, no real need to use v.1
Services                                                 : scp, sftp
User Authentication                                 : publickey, password
Resolve Hosts                                         : Disabled
Session Timeout                                     : 1200 seconds -------------  enable automatic termination of idle
                                                                                                   Authenticated sessions
Login Timeout                                         : 5 seconds ----------------- minimize how long an individual login
                                                                                                 attempt can tie up SSH resources
Maximum Startups                                  : 5 ------------------------------ set the number of concurrent login attempts
                                                                                                 consistent with the number of VTY sessions
Debug                                                    : NONE
 
Set the VTY interface to have a session timeout consistent with the SSH service, then cleared all sessions to make all configuration updates effective.
 
awplus(config)#line vty 0 4
awplus(config-line)#exec-timeout 20 [minutes]
% The new exec-timeout settings will apply to new sessions only
awplus(config-line)#exit
awplus(config)#exit
awplus#clear ssh all
 
Previous MonthNext Month
SunMonTueWedThuFriSat