Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring a C Series Controller to Accept SSH Connections (SRC CLI)

 

You can enable SSH to let users who have the appropriate privileges connect to a C Series Controller. For security reasons, we recommend that you do not allow remote users to access the CLI as root.

Use the following configuration statements to enable SSH access from the [edit] hierarchy level:

To configure the C Series Controller to accept SSH connections:

  1. From configuration mode, access the [edit system services ssh] hierarchy level.

  2. (Optional) Specify that SSH version 2 be used.

    Note

    SSH version 1 is not supported from SRC 4.12 release. When you upgrade to SRC 4.12 release, SSH version 2 is enabled by default even if you have configured SSH version 1 in the previous SRC release.

  3. (Optional) Specify the listening port number for incoming SSH connections. The value range is 1–65,535. By default, the SRC software listens for incoming SSH connections on port 22.

    Note
    • It is recommended that you configure a value lower than 1024 because only root users can listen on port numbers lower than 1024. This prevents other users from listening on the port. If you configure a value higher than 1024, a warning message is displayed.

    • If you set the listening port number to a value other than the default, you must append the “–p” flag to the configured listening port number while logging in to the SRC system. For example, ssh root@10.212.10.14 –p port.

  4. (Optional) Specify whether or not to allow users to log in as root through SSH:

    where:

    • allow—Allows users to log in to the C Series Controller as root through SSH

    • deny—Prevents users from logging in to the C Series Controller as root through SSH

    • deny-password—Allows users to log in to the C Series Controller as root through SSH when the authentication method (for example, RSA authentication) does not require a password. This is the default.