Configuring a C Series Controller to Accept SSH Connections (SRC CLI)

You can enable SSH to let users who have the appropriate privileges connect to a C Series Controller. For security reasons, we recommend that you do not allow remote users to access the CLI as root.

Use the following configuration statements to enable SSH access from the [edit] hierarchy level:

system services ssh {root-login (allow | deny | deny-password);port port; protocol-version (v1 | v2); }

To configure the C Series Controller to accept SSH connections:

  1. From configuration mode, access the [edit system services ssh] hierarchy level.
  2. (Optional) Specify that SSH version 1 be used.
    [edit system services ssh] user@host> set protocol-version v1

    SSH version 2 is enabled by default.

  3. (Optional) Specify the listening port number for incoming SSH connections. The value range is 1–65,535. By default, the SRC software listens for incoming SSH connections on port 22.
    [edit system services ssh]user@host> set port port

    Note:

    • It is recommended that you configure a value lower than 1024 because only root users can listen on port numbers lower than 1024. This prevents other users from listening on the port. If you configure a value higher than 1024, a warning message is displayed.
    • If you set the listening port number to a value other than the default, you must append the “–p” flag to the configured listening port number while logging in to the SRC system. For example, ssh root@10.212.10.14 –p port.
  4. (Optional) Specify whether or not to allow users to log in as root through SSH:
    [edit system services ssh] user@host> set root-login (allow | deny | deny-password)

    where:

    • allow—Allows users to log in to the C Series Controller as root through SSH
    • deny—Prevents users from logging in to the C Series Controller as root through SSH
    • deny-password—Allows users to log in to the C Series Controller as root through SSH when the authentication method (for example, RSA authentication) does not require a password. This is the default.

Related Documentation