Enabling and Disabling SSH

The SSH server daemon starts only if the server host key exists when the router boots. The host key resides in NVS and is persistent across system reboots. After it has started, the daemon listens for traffic on TCP port 22. The server daemon is disabled by default.

crypto key dss

• Use the generate keyword to create the SSH server host key and enable the daemon.
• Example

  host1(config)#crypto key generate dss

• Use the zeroize keyword to remove the SSH server host key and stop the SSH daemon if it is running. Issuing this command terminates any active client sessions. The next time the router boots after this command is issued, the SSH server daemon is not started.
• The command is not displayed by the show configuration command.

  Note: SSH can be enabled or disabled regardless of the state of the Telnet daemon. If SSH is enabled, use access control lists to limit access through Telnet. See Virtual Terminal Access Lists for information about using access control lists.

• Example

  host1(config)#crypto key zeroize dss

• There is no no version.
• See crypto key dss.

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.