[an error occurred while processing this directive][an error occurred while processing this directive]

Configuring SSH Service for Remote Access to the Router or Switch

To configure the router or switch to accept SSH as an access service, include the ssh statement at the [edit system services] hierarchy level:

[edit system services]ssh {root-login (allow | deny | deny-password);protocol-version [v1 v2];<connection-limit limit>;<rate-limit limit>;}

By default, the router or switch supports a limited number of simultaneous SSH sessions and connection attempts per minute. Include either or both of the following statements to change the defaults:

  • connection-limit limit—Maximum number of simultaneous connections (a value from 1 through 250). The default is 75.
  • rate-limit limit—Maximum number of connection attempts accepted per minute (a value from 1 through 250). The default is 150.

For information about other configuration settings, see the following topics:

Configuring the Root Login Through SSH

By default, users are allowed to log in to the router or switch as root through SSH. To control user access through SSH, include the root-login statement at the [edit systems services ssh] hierarchy level:

[edit system services ssh]root-login (allow | deny | deny-password);

allow—Allows users to log in to the router or switch as root through SSH. The default is allow.

deny—Disables users from logging in to the router or switch as root through SSH.

deny-password—Allows users to log in to the router or switch as root through SSH when the authentication method (for example, RSA) does not require a password.

Configuring the SSH Protocol Version

By default, both version 1 and version 2 of the SSH protocol are enabled. To configure the router or switch to use only version 1 of the SSH protocol, include the protocol-version statement and specify v1 at the [edit system services ssh] hierarchy level:

[edit system services ssh]protocol-version [ v1 ];

To configure the router or switch to use only version 2 of the SSH protocol, include the protocol-version statement and specify v2 at the [edit system services ssh] hierarchy level:

[edit system services ssh]protocol-version [ v2 ];

To explicitly configure the router or switch to use version 1 and 2 of the SSH protocol, include the protocol-version statement and specify v1 and v2 at the [edit system services ssh] hierarchy level:

[edit system services ssh]protocol-version [ v1 v2 ];

For J Series Services Routers, the export license software supports SSH version 1 only.


Published: 2010-04-26

[an error occurred while processing this directive]