Monitoring the Current Status of the SSH Server

Purpose

Display the current state of the SSH server. You can also use the detail keyword to display the encryption and MAC algorithm lists for the client and server. For each active session, detail shows the version of SSH running on the client and the algorithms in use for encryption and message authentication.

Action

To display the current state of the SSH server:

host1#show ip ssh detail
SSH Server version: SSH-2.0-2.0.12
SSH Server status: enabled, up since THU JUL 24 2008 16:01:17 UTC
supported encryption, inbound: 3des-cbc,blowfish-cbc,twofish-cbc
supported encryption, outbound: 3des-cbc,blowfish-cbc,twofish-cbc
supported MAC, inbound: hmac-sha1,hmac-sha1-96,hmac-md5
supported MAC, outbound: hmac-sha1,hmac-sha1-96,hmac-md5
user authentication: enabled
user authentication protocol: TACACS+
retry limit: 20
sleep period: 600
timeout: 600
connections since last system reset: 4 out of 4 attempts
connections since daemon startup:    4 out of 4 attempts
active sessions: 1

id

username

host

uptime (d:h:m:s)

client version

ciphers inbound/outbound

MAC inbound/outbound

3

mcarr

10.0.0.145

0:00:00:19

SSH-2.0-2.0.12 F-SECURE SSH

3des-cbc/3des-cbc

hmac-md5/hmac-md5

Note: To view failed connection attempts and other protocol errors logged at the error severity level, use the show log data command.

Meaning

Table 95 lists the show ip ssh detail command output fields.

Table 95: show ip ssh detail Output Fields

Field Name

Field Description

daemon status

Indicates whether the SSH server is enabled; if so, how long it has been up

supported encryption, inbound

Encryption algorithms supported inbound from the client

supported encryption, outbound

Encryption algorithms supported outbound to the client

supported MAC, inbound

Message authentication code algorithms supported inbound from the client

supported MAC outbound

Message authentication code algorithms supported outbound to the client

connections since last system reset

Number of connections made through SSH since the last time the system was reset

connections since daemon startup

Number of connections made since the SSH server was enabled

active sessions

Number of SSH sessions currently active:

  • id—Session ID number
  • username—Username for the remote user that initiated the session
  • host—IP address of the remote client
  • uptime (d:h:m:s)—Duration of the session
  • client version—Version of the SSH software run by the remote client
  • ciphers inbound/outbound—Encryption algorithms used by the client and the system for this session
  • MAC inbound/outbound—Message authentication code algorithms used by the client and the system for this session

Related Documentation